Conveying value of implementing an integrated data management and protection system

ABSTRACT

A system and method are described for conveying to a user the value it would receive by implementing an integrated system to protect and manage its data. An integrated system can combine archiving, backup, snapshot management, reporting, secure data access, eDiscovery and data analytics, among other functions, thus simplifying data protection and data management for an organization. The system generates a value dashboard, exhibiting value data, including data and graphics portraying the benefits to a user of implementing an integrated data management and protection system. Value may be evaluated with reference to simplification and efficiency, risk reduction, and unlocking data value.

INCORPORATION BY REFERENCE TO ANY PRIORITY APPLICATIONS

The present application is a continuation of U.S. patent applicationSer. No. 14/737,382 filed Jun. 11, 2015, entitled “CONVEYING VALUE OFIMPLEMENTING AN INTEGRATED DATA MANAGEMENT AND PROTECTION SYSTEM” whichclaims the benefit of U.S. Provisional Patent Application No. 62/010,676filed Jun. 11, 2014, entitled “CONVEYING VALUE OF IMPLEMENTING ANINTEGRATED DATA MANAGEMENT AND PROTECTION SYSTEM” which is incorporatedherein by reference in its entirety. Any and all applications, if any,for which a foreign or domestic priority claim is identified in theApplication Data Sheet of the present application are herebyincorporated by reference under 37 CFR 1.57.

BACKGROUND

Businesses worldwide recognize the commercial value of their data andseek reliable, cost-effective ways to protect the information stored ontheir computer networks while minimizing impact on productivity.Protecting information is often part of a routine process that isperformed within an organization. A company might back up criticalcomputing systems such as databases, file servers, web servers, and soon as part of a daily, weekly, or monthly maintenance schedule. Thecompany may similarly protect computing systems used by each of itsemployees, such as those used by an accounting department, marketingdepartment, engineering department, and so forth.

Given the rapidly expanding volume of data under management, companiesalso continue to seek innovative techniques for managing data growth, inaddition to protecting data. For instance, companies often implementmigration techniques for moving data to lower cost storage over time anddata reduction techniques for reducing redundant data, pruning lowerpriority data, etc. Enterprises also increasingly view their stored dataas a valuable asset. Along these lines, customers or users are lookingfor solutions that not only protect and manage, but also leverage theirdata. For instance, solutions providing data analysis capabilities,information management, improved data presentation and access features,and the like, are in increasing demand.

For managing its data, a business typically relies on data storagesoftware and/or services provided by third parties. These providersoffer an array of data management systems that address the varyingstorage needs of their users. While users generally appreciate havingmultiple services to choose from, they often find it difficult toidentify which systems best meet their data management needs. Likewise,providers struggle to determine which services to market toward apotential user because each user's needs vary depending on its industryand particular circumstances.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1A is a block diagram illustrating an exemplary informationmanagement system.

FIG. 1B is a detailed view of a primary storage device, a secondarystorage device, and some examples of primary data and secondary copydata.

FIG. 1C is a block diagram of an exemplary information management systemincluding a storage manager, one or more data agents, and one or moremedia agents.

FIG. 1D is a block diagram illustrating a scalable informationmanagement system.

FIG. 1E illustrates certain secondary copy operations according to anexemplary storage policy.

FIGS. 1F-1H are block diagrams illustrating suitable data structuresthat may be employed by the information management system.

FIG. 2 is a block diagram illustrating some salient portions of a systemfor identifying value associated with an integrated data management andprotection system for a customer or user, according to an illustrativeembodiment of the present invention.

FIG. 3 depicts some salient operations of a method for identifying valueassociated with an integrated data management and protection system fora user.

FIGS. 4A-J depicts an illustrative graphical user interface showing dataentry fields for receiving information related to data management andprotection for a user in the illustrative system.

FIGS. 5A and 5B depict an illustrative graphical user interface showinga value dashboard for conveying value of a user implementing a datamanagement and protection system.

FIGS. 6A and 6B depict an illustrative graphical user interface showinga value story for conveying value of a user implementing a datamanagement and protection system and receiving information related todata management and protection needs of the user.

FIG. 7 depicts an illustrative graphical user interface or display forconveying value of a user implementing a data management and protectionsystem such as for cloud management.

FIG. 8A through 8E depict suitable graphical user interfaces or displaysshowing input boxes or sliders for receiving data on various variablesrelated to virtual machine archiving, virtualization costs, loadedrecovery costs, recovery capabilities, and legal discovery savings,respectively, and showing bar charts for depicting comparisons betweenexisting products/performance and corresponding products/performancewhen implemented using another supplier.

FIG. 9A through 9E depict suitable graphical user interfaces or displaysshowing alternatives for receiving data at various variables andproviding computed information.

FIG. 10 is a curve associated with a risk score between 0.0 and 10.0using a semi-complex straight line curve with three different slopes andfour points that define the curve.

DETAILED DESCRIPTION

Systems and methods are disclosed for conveying to a customer or userthe value received by implementing an integrated solution or system toprotect and manage data. The system generates a value dashboard,exhibiting value data, including data and graphics portraying thebenefits to a user of an integrated data management and protectionsystem and changes from an existing system that the user may have.

The system computes and conveys value in statistics and graphs showingimprovements the user would receive by implementing, e.g. an integrateddata storage and management system or solution. The system can displaythis value data in relation to alternative data management andprotection systems, such as systems offered by different data managementand protection providers. Furthermore, the system can calculate scoresrepresenting value received by a user. One score generated by the systemis a data and information risk exposure score. The data and informationrisk exposure score, or DIRE Index, reflects an aggregation ofoperational complexity, recovery efficiency, and relative exposure tolegal issues, compliance failures, downtime or data loss. Further, thesystem can generate scripts, examples, or vignettes that to help conveythe information computed by the system.

Overall, the system described herein provides 1) a definition of valuefor a user, 2) a computer-implemented mapping of user data to the valuedefinition, and 3) calculators and processes that employ the user datain certain tools to generate output useful in depicting and explainingthe calculated value. Regarding the definition of value, data storagecompanies address cost reduction, risks and getting value from data. Thepresent system formalizes process and actually quantifies value based anew definition of it, where the system provides weightings to at leastthree value components—Simplification, Risk Reduction and Unlocking DataValue (e.g. an equal weighting to each), as well as provide cleardefinitions of value under each value component, as discussed below.

Regarding user data: the system leverages two types of data: 1) customerdata previously a) gathered by the company via survey, b) statisticallyvalidated(e.g. by third party consultant), and c) mapped into the threecomponents of the Value Definition; and 2) data supplied by the currentuser of the system. Prior customer data provides baseline values fordifferent areas of impact and different metrics of value, providing acredible foundation when presenting value calculations back to users.Users can change these values freely, but prior customer data providesthe credible baseline—empirical data to provide more accurate, automaticdata calculations.

Regarding automatically mapping user data into the value definition, thesystem a) gathers user data by obtaining or surveying user data, b)statistically validates the user data, and c) maps it into the threevalue components. Regarding the use of the value definition and tools,the system combines the new definition of value with the user data toprovide a foundation or credibility when presenting value calculationsback to users or users. These components in combination (definition,data and tools), make a complete package.

Examples of such systems and methods are described in further detailherein, in reference to FIGS. 2-5. The system components andfunctionality may be configured and/or incorporated into informationmanagement systems such as those described herein in FIGS. 1A-1H.

Information Management System Overview

With the increasing importance of protecting and leveraging data,organizations simply cannot afford to take the risk of losing criticaldata. Moreover, runaway data growth and other modern realities makeprotecting and managing data an increasingly difficult task. There istherefore a need for efficient, powerful, and user-friendly systems forprotecting and managing data.

Depending on the size of the organization, there are typically many dataproduction sources which are under the purview of tens, hundreds, oreven thousands of employees or other individuals. In the past,individual employees were sometimes responsible for managing andprotecting their data. A patchwork of hardware and software pointsystems has been applied in other cases. These systems were oftenprovided by different vendors and had limited or no interoperability.

Certain embodiments described herein provide systems and methods capableof addressing these and other shortcomings of prior approaches byimplementing unified, organization-wide information management. FIG. 1Ashows one such information management system 100, which generallyincludes combinations of hardware and software configured to protect andmanage data and metadata, which is generated and used by the variouscomputing devices in information management system 100. The organizationthat employs the information management system 100 may be a corporationor other business entity, non-profit organization, educationalinstitution, household, governmental agency, or the like.

Generally, the systems and associated components described herein may becompatible with and/or provide some or all of the functionality of thesystems and corresponding components described in one or more of thefollowing U.S. patents and patent application publications assigned toCommVault Systems, Inc., each of which is hereby incorporated in itsentirety by reference herein:

-   -   U.S. Pat. No. 7,035,880, entitled “Modular Backup and Retrieval        System Used in Conjunction With a Storage Area Network”;    -   U.S. Pat. No. 7,107,298, entitled “System And Method For        Archiving Objects In An Information Store”;    -   U.S. Pat. No. 7,246,207, entitled “System and Method for        Dynamically Performing Storage Operations in a Computer        Network”;    -   U.S. Pat. No. 7,315,923, entitled “System And Method For        Combining Data Streams In Pipelined Storage Operations In A        Storage Network”;    -   U.S. Pat. No. 7,343,453, entitled “Hierarchical Systems and        Methods for Providing a Unified View of Storage Information”;    -   U.S. Pat. No. 7,395,282, entitled “Hierarchical Backup and        Retrieval System”;    -   U.S. Pat. No. 7,529,782, entitled “System and Methods for        Performing a Snapshot and for Restoring Data”;    -   U.S. Pat. No. 7,617,262, entitled “System and Methods for        Monitoring Application Data in a Data Replication System”;    -   U.S. Pat. No. 7,747,579, entitled “Metabase for Facilitating        Data Classification”;    -   U.S. Pat. No. 8,156,086, entitled “Systems And Methods For        Stored Data Verification”;    -   U.S. Pat. No. 8,170,995, entitled “Method and System for Offline        Indexing of Content and Classifying Stored Data”;    -   U.S. Pat. No. 8,229,954, entitled “Managing Copies Of Data”;    -   U.S. Pat. No. 8,230,195, entitled “System And Method For        Performing Auxiliary Storage Operations”;    -   U.S. Pat. No. 8,285,681, entitled “Data Object Store and Server        for a Cloud Storage Environment, Including Data Deduplication        and Data Management Across Multiple Cloud Storage Sites”;    -   U.S. Pat. No. 8,307,177, entitled “Systems And Methods For        Management Of Virtualization Data”;    -   U.S. Pat. No. 8,364,652, entitled “Content-Aligned, Block-Based        Deduplication”;    -   U.S. Pat. No. 8,578,120, entitled “Block-Level Single        Instancing”;    -   U.S. Pat. Pub. No. 2006/0224846, entitled “System and Method to        Support Single Instance Storage Operations”;    -   U.S. Pat. Pub. No. 2009/0319534, entitled “Application-Aware and        Remote Single Instance Data Management”;    -   U.S. Pat. Pub. No. 2012/0150818, entitled “Client-Side        Repository in a Networked Deduplicated Storage System”; and    -   U.S. Pat. Pub. No. 2012/0150826, entitled “Distributed        Deduplicated Storage System”.

The information management system 100 can include a variety of differentcomputing devices. For instance, as will be described in greater detailherein, the information management system 100 can include one or moreclient computing devices 102 and secondary storage computing devices106.

Computing devices can include, without limitation, one or more:workstations, personal computers, desktop computers, or other types ofgenerally fixed computing systems such as mainframe computers andminicomputers. Other computing devices can include mobile or portablecomputing devices, such as one or more laptops, tablet computers,personal data assistants, mobile phones (such as smartphones), and othermobile or portable computing devices such as embedded computers, set topboxes, vehicle-mounted devices, wearable computers, etc. Computingdevices can include servers, such as mail servers, file servers,database servers, and web servers.

In some cases, a computing device includes virtualized and/or cloudcomputing resources. For instance, one or more virtual machines may beprovided to the organization by a third-party cloud service vendor. Or,in some embodiments, computing devices can include one or more virtualmachine(s) running on a physical host computing device (or “hostmachine”) operated by the organization. As one example, the organizationmay use one virtual machine as a database server and another virtualmachine as a mail server, both virtual machines operating on the samehost machine.

A virtual machine includes an operating system and associated virtualresources, and is hosted simultaneously with another operating system ona physical host computer (or host machine). A hypervisor (typicallysoftware, and also known in the art as a virtual machine monitor or avirtual machine manager or “VMM”) sits between the virtual machine andthe hardware of the physical host machine. One example of hypervisor asvirtualization software is ESX Server, by VMware, Inc. of Palo Alto,Calif.; other examples include Microsoft Virtual Server and MicrosoftWindows Server Hyper-V, both by Microsoft Corporation of Redmond, Wash.,and Sun xVM by Oracle America Inc. of Santa Clara, Calif. In someembodiments, the hypervisor may be firmware or hardware or a combinationof software and/or firmware and/or hardware.

The hypervisor provides to each virtual operating system virtualresources, such as a virtual processor, virtual memory, a virtualnetwork device, and a virtual disk. Each virtual machine has one or morevirtual disks. The hypervisor typically stores the data of virtual disksin files on the file system of the physical host machine, called virtualmachine disk files (in the case of VMware virtual servers) or virtualhard disk image files (in the case of Microsoft virtual servers). Forexample, VMware's ESX Server provides the Virtual Machine File System(VMFS) for the storage of virtual machine disk files. A virtual machinereads data from and writes data to its virtual disk much the same waythat an actual physical machine reads data from and writes data to anactual disk.

Examples of techniques for implementing information managementtechniques in a cloud computing environment are described in U.S. Pat.No. 8,285,681, which is incorporated by reference herein. Examples oftechniques for implementing information management techniques in avirtualized computing environment are described in U.S. Pat. No.8,307,177, also incorporated by reference herein.

The information management system 100 can also include a variety ofstorage devices, including primary storage devices 104 and secondarystorage devices 108, for example. Storage devices can generally be ofany suitable type including, without limitation, disk drives, hard-diskarrays, semiconductor memory (e.g., solid state storage devices),network attached storage (NAS) devices, tape libraries or othermagnetic, non-tape storage devices, optical media storage devices,DNA/RNA-based memory technology, combinations of the same, and the like.In some embodiments, storage devices can form part of a distributed filesystem. In some cases, storage devices are provided in a cloud (e.g., aprivate cloud or one operated by a third-party vendor). A storage devicein some cases comprises a disk array or portion thereof.

The illustrated information management system 100 includes one or moreclient computing device 102 having at least one application 110executing thereon, and one or more primary storage devices 104 storingprimary data 112. The client computing device(s) 102 and the primarystorage devices 104 may generally be referred to in some cases as aprimary storage subsystem 117. A computing device in an informationmanagement system 100 that has a data agent 142 installed and operatingon it is generally referred to as a client computing device 102 (or, inthe context of a component of the information management system 100simply as a “client”). Depending on the context, the term “informationmanagement system” can refer to generally all of the illustratedhardware and software components. Or, in other instances, the term mayrefer to only a subset of the illustrated components. Similar terms forthe same system are used interchangeably herein.

For instance, in some cases, the information management system 100generally refers to a combination of specialized components used toprotect, move, manage, manipulate, analyze, and/or process data andmetadata generated by the client computing devices 102. However, theinformation management system 100 in some cases does not include theunderlying components that generate and/or store the primary data 112,such as the client computing devices 102 themselves, the applications110 and operating system operating on the client computing devices 102,and the primary storage devices 104. As an example, “informationmanagement system” may sometimes refer to one or more of the followingcomponents and corresponding data structures: storage managers, dataagents, and media agents. These components will be described in furtherdetail below.

Client Computing Devices

There are typically a variety of sources in an organization that producedata to be protected and managed. As just one illustrative example, in acorporate environment such data sources can be employee workstations andcompany servers such as a mail server, a web server, a database server,a transaction server, or the like. In the information management system100, the data generation sources include the one or more clientcomputing devices 102.

The client computing devices 102 may include any of the types ofcomputing devices described above, without limitation, and in some casesthe client computing devices 102 are associated with one or more usersand/or corresponding user accounts, of employees or other individuals.

The information management system 100 generally addresses and handlesthe data management and protection needs for the data generated by theclient computing devices 102. However, the use of this term does notimply that the client computing devices 102 cannot be “servers” in otherrespects. For instance, a particular client computing device 102 may actas a server with respect to other devices, such as other clientcomputing devices 102. As just a few examples, the client computingdevices 102 can include mail servers, file servers, database servers,and web servers.

Each client computing device 102 may have one or more applications 110(e.g., software applications) executing thereon which generate andmanipulate the data that is to be protected from loss and managed. Theapplications 110 generally facilitate the operations of an organization(or multiple affiliated organizations), and can include, withoutlimitation, mail server applications (e.g., Microsoft Exchange Server),file server applications, mail client applications (e.g., MicrosoftExchange Client), database applications (e.g., SQL, Oracle, SAP, LotusNotes Database), word processing applications (e.g., Microsoft Word),spreadsheet applications, financial applications, presentationapplications, graphics and/or video applications, browser applications,mobile applications, entertainment applications, and so on.

The client computing devices 102 can have at least one operating system(e.g., Microsoft Windows, Mac OS X, iOS, IBM z/OS, Linux, otherUnix-based operating systems, etc.) installed thereon, which may supportor host one or more file systems and other applications 110.

The client computing devices 102 and other components in informationmanagement system 100 can be connected to one another via one or morecommunication pathways 114. For example, a first communication pathway114 may connect (or communicatively couple) client computing device 102and secondary storage computing device 106; a second communicationpathway 114 may connect storage manager 140 and client computing device102; and a third communication pathway 114 may connect storage manager140 and secondary storage computing device 106, etc. (see, e.g., FIG. 1Aand FIG. 1C). The communication pathways 114 can include one or morenetworks or other connection types including one or more of thefollowing, without limitation: the Internet, a wide area network (WAN),a local area network (LAN), a Storage Area Network (SAN), a FibreChannel connection, a Small Computer System Interface (SCSI) connection,a virtual private network (VPN), a token ring or TCP/IP based network,an intranet network, a point-to-point link, a cellular network, awireless data transmission system, a two-way cable system, aninteractive kiosk network, a satellite network, a broadband network, abaseband network, a neural network, a mesh network, an ad hoc network,other appropriate wired, wireless, or partially wired/wireless computeror telecommunications networks, combinations of the same or the like.The communication pathways 114 in some cases may also includeapplication programming interfaces (APIs) including, e.g., cloud serviceprovider APIs, virtual machine management APIs, and hosted serviceprovider APIs. The underlying infrastructure of communication paths 114may be wired and/or wireless, analog and/or digital, or any combinationthereof; and the facilities used may be private, public, third-partyprovided, or any combination thereof, without limitation.

Primary Data and Exemplary Primary Storage Devices

Primary data 112 according to some embodiments is production data orother “live” data generated by the operating system and/or applications110 operating on a client computing device 102. The primary data 112 isgenerally stored on the primary storage device(s) 104 and is organizedvia a file system supported by the client computing device 102. Forinstance, the client computing device(s) 102 and correspondingapplications 110 may create, access, modify, write, delete, andotherwise use primary data 112. In some cases, some or all of theprimary data 112 can be stored in cloud storage resources (e.g., primarystorage device 104 may be a cloud-based resource).

Primary data 112 is generally in the native format of the sourceapplication 110. According to certain aspects, primary data 112 is aninitial or first (e.g., created before any other copies or before atleast one other copy) stored copy of data generated by the sourceapplication 110. Primary data 112 in some cases is created substantiallydirectly from data generated by the corresponding source applications110.

The primary storage devices 104 storing the primary data 112 may berelatively fast and/or expensive technology (e.g., a disk drive, ahard-disk array, solid state memory, etc.). In addition, primary data112 may be highly changeable and/or may be intended for relatively shortterm retention (e.g., hours, days, or weeks).

According to some embodiments, the client computing device 102 canaccess primary data 112 from the primary storage device 104 by makingconventional file system calls via the operating system. Primary data112 may include structured data (e.g., database files), unstructureddata (e.g., documents), and/or semi-structured data. Some specificexamples are described below with respect to FIG. 1B.

It can be useful in performing certain tasks to organize the primarydata 112 into units of different granularities. In general, primary data112 can include files, directories, file system volumes, data blocks,extents, or any other hierarchies or organizations of data objects. Asused herein, a “data object” can refer to both (1) any file that iscurrently addressable by a file system or that was previouslyaddressable by the file system (e.g., an archive file) and (2) a subsetof such a file (e.g., a data block).

As will be described in further detail, it can also be useful inperforming certain functions of the information management system 100 toaccess and modify metadata within the primary data 112. Metadatagenerally includes information about data objects or characteristicsassociated with the data objects. For simplicity herein, it is to beunderstood that, unless expressly stated otherwise, any reference toprimary data 112 generally also includes its associated metadata, butreferences to the metadata do not include the primary data.

Metadata can include, without limitation, one or more of the following:the data owner (e.g., the client or user that generates the data), thelast modified time (e.g., the time of the most recent modification ofthe data object), a data object name (e.g., a file name), a data objectsize (e.g., a number of bytes of data), information about the content(e.g., an indication as to the existence of a particular search term),user-supplied tags, to/from information for email (e.g., an emailsender, recipient, etc.), creation date, file type (e.g., format orapplication type), last accessed time, application type (e.g., type ofapplication that generated the data object), location/network (e.g., acurrent, past or future location of the data object and network pathwaysto/from the data object), geographic location (e.g., GPS coordinates),frequency of change (e.g., a period in which the data object ismodified), business unit (e.g., a group or department that generates,manages or is otherwise associated with the data object), aginginformation (e.g., a schedule, such as a time period, in which the dataobject is migrated to secondary or long term storage), boot sectors,partition layouts, file location within a file folder directorystructure, user permissions, owners, groups, access control lists[ACLs]), system metadata (e.g., registry information), combinations ofthe same or other similar information related to the data object.

In addition to metadata generated by or related to file systems andoperating systems, some of the applications 110 and/or other componentsof the information management system 100 maintain indices of metadatafor data objects, e.g., metadata associated with individual emailmessages. Thus, each data object may be associated with correspondingmetadata. The use of metadata to perform classification and otherfunctions is described in greater detail below.

Each of the client computing devices 102 are generally associated withand/or in communication with one or more of the primary storage devices104 storing corresponding primary data 112. A client computing device102 may be considered to be “associated with” or “in communication with”a primary storage device 104 if it is capable of one or more of: routingand/or storing data (e.g., primary data 112) to the particular primarystorage device 104, coordinating the routing and/or storing of data tothe particular primary storage device 104, retrieving data from theparticular primary storage device 104, coordinating the retrieval ofdata from the particular primary storage device 104, and modifyingand/or deleting data retrieved from the particular primary storagedevice 104.

The primary storage devices 104 can include any of the different typesof storage devices described above, or some other kind of suitablestorage device. The primary storage devices 104 may have relatively fastI/O times and/or are relatively expensive in comparison to the secondarystorage devices 108. For example, the information management system 100may generally regularly access data and metadata stored on primarystorage devices 104, whereas data and metadata stored on the secondarystorage devices 108 is accessed relatively less frequently.

Primary storage device 104 may be dedicated or shared. In some cases,each primary storage device 104 is dedicated to an associated clientcomputing device 102. For instance, a primary storage device 104 in oneembodiment is a local disk drive of a corresponding client computingdevice 102. In other cases, one or more primary storage devices 104 canbe shared by multiple client computing devices 102, e.g., via a networksuch as in a cloud storage implementation. As one example, a primarystorage device 104 can be a disk array shared by a group of clientcomputing devices 102, such as one of the following types of diskarrays: EMC Clariion, EMC Symmetrix, EMC Celerra, Dell EqualLogic, IBMXIV, NetApp FAS, HP EVA, and HP 3PAR.

The information management system 100 may also include hosted services(not shown), which may be hosted in some cases by an entity other thanthe organization that employs the other components of the informationmanagement system 100. For instance, the hosted services may be providedby various online service providers to the organization. Such serviceproviders can provide services including social networking services,hosted email services, or hosted productivity applications or otherhosted applications). Hosted services may include software-as-a-service(SaaS), platform-as-a-service (PaaS), application service providers(ASPs), cloud services, or other mechanisms for delivering functionalityvia a network. As it provides services to users, each hosted service maygenerate additional data and metadata under management of theinformation management system 100, e.g., as primary data 112. In somecases, the hosted services may be accessed using one of the applications110. As an example, a hosted mail service may be accessed via browserrunning on a client computing device 102. The hosted services may beimplemented in a variety of computing environments. In some cases, theyare implemented in an environment having a similar arrangement to theinformation management system 100, where various physical and logicalcomponents are distributed over a network.

Secondary Copies and Exemplary Secondary Storage Devices

The primary data 112 stored on the primary storage devices 104 may becompromised in some cases, such as when an employee deliberately oraccidentally deletes or overwrites primary data 112 during their normalcourse of work. Or the primary storage devices 104 can be damaged, lost,or otherwise corrupted. For recovery and/or regulatory compliancepurposes, it is therefore useful to generate copies of the primary data112. Accordingly, the information management system 100 includes one ormore secondary storage computing devices 106 and one or more secondarystorage devices 108 configured to create and store one or more secondarycopies 116 of the primary data 112 and associated metadata. Thesecondary storage computing devices 106 and the secondary storagedevices 108 may sometimes be referred to as a secondary storagesubsystem 118.

Creation of secondary copies 116 can help in search and analysis effortsand meet other information management goals, such as: restoring dataand/or metadata if an original version (e.g., of primary data 112) islost (e.g., by deletion, corruption, or disaster); allowingpoint-in-time recovery; complying with regulatory data retention andelectronic discovery (e-discovery) requirements; reducing utilizedstorage capacity; facilitating organization and search of data;improving user access to data files across multiple computing devicesand/or hosted services; and implementing data retention policies.

The client computing devices 102 access or receive primary data 112 andcommunicate the data, e.g., over one or more communication pathways 114,for storage in the secondary storage device(s) 108.

A secondary copy 116 can comprise a separate stored copy of applicationdata that is derived from one or more earlier-created, stored copies(e.g., derived from primary data 112 or another secondary copy 116).Secondary copies 116 can include point-in-time data, and may be intendedfor relatively long-term retention (e.g., weeks, months or years),before some or all of the data is moved to other storage or isdiscarded.

In some cases, a secondary copy 116 is a copy of application datacreated and stored subsequent to at least one other stored instance(e.g., subsequent to corresponding primary data 112 or to anothersecondary copy 116), in a different storage device than at least oneprevious stored copy, and/or remotely from at least one previous storedcopy. In some other cases, secondary copies can be stored in the samestorage device as primary data 112 and/or other previously storedcopies. For example, in one embodiment a disk array capable ofperforming hardware snapshots stores primary data 112 and creates andstores hardware snapshots of the primary data 112 as secondary copies116. Secondary copies 116 may be stored in relatively slow and/or lowcost storage (e.g., magnetic tape). A secondary copy 116 may be storedin a backup or archive format, or in some other format different thanthe native source application format or other primary data format.

In some cases, secondary copies 116 are indexed so users can browse andrestore at another point in time. After creation of a secondary copy 116representative of certain primary data 112, a pointer or other locationindicia (e.g., a stub) may be placed in primary data 112, or beotherwise associated with primary data 112 to indicate the currentlocation on the secondary storage device(s) 108 of secondary copy 116.

Since an instance of a data object or metadata in primary data 112 maychange over time as it is modified by an application 110 (or hostedservice or the operating system), the information management system 100may create and manage multiple secondary copies 116 of a particular dataobject or metadata, each representing the state of the data object inprimary data 112 at a particular point in time. Moreover, since aninstance of a data object in primary data 112 may eventually be deletedfrom the primary storage device 104 and the file system, the informationmanagement system 100 may continue to manage point-in-timerepresentations of that data object, even though the instance in primarydata 112 no longer exists.

For virtualized computing devices the operating system and otherapplications 110 of the client computing device(s) 102 may executewithin or under the management of virtualization software (e.g., a VMM),and the primary storage device(s) 104 may comprise a virtual diskcreated on a physical storage device. The information management system100 may create secondary copies 116 of the files or other data objectsin a virtual disk file and/or secondary copies 116 of the entire virtualdisk file itself (e.g., of an entire .vmdk file).

Secondary copies 116 may be distinguished from corresponding primarydata 112 in a variety of ways, some of which will now be described.First, as discussed, secondary copies 116 can be stored in a differentformat (e.g., backup, archive, or other non-native format) than primarydata 112. For this or other reasons, secondary copies 116 may not bedirectly useable by the applications 110 of the client computing device102, e.g., via standard system calls or otherwise without modification,processing, or other intervention by the information management system100.

Secondary copies 116 are also in some embodiments stored on a secondarystorage device 108 that is inaccessible to the applications 110 runningon the client computing devices 102 (and/or hosted services). Somesecondary copies 116 may be “offline copies,” in that they are notreadily available (e.g., not mounted to tape or disk). Offline copiescan include copies of data that the information management system 100can access without human intervention (e.g., tapes within an automatedtape library, but not yet mounted in a drive), and copies that theinformation management system 100 can access only with at least somehuman intervention (e.g., tapes located at an offsite storage site).

The Use of Intermediate Devices for Creating Secondary Copies

Creating secondary copies can be a challenging task. For instance, therecan be hundreds or thousands of client computing devices 102 continuallygenerating large volumes of primary data 112 to be protected. Also,there can be significant overhead involved in the creation of secondarycopies 116. Moreover, secondary storage devices 108 may be specialpurpose components, and interacting with them can require specializedintelligence.

In some cases, the client computing devices 102 interact directly withthe secondary storage device 108 to create the secondary copies 116.However, in view of the factors described above, this approach cannegatively impact the ability of the client computing devices 102 toserve the applications 110 and produce primary data 112. Further, theclient computing devices 102 may not be optimized for interaction withthe secondary storage devices 108.

Thus, in some embodiments, the information management system 100includes one or more software and/or hardware components which generallyact as intermediaries between the client computing devices 102 and thesecondary storage devices 108. In addition to off-loading certainresponsibilities from the client computing devices 102, theseintermediate components can provide other benefits. For instance, asdiscussed further below with respect to FIG. 1D, distributing some ofthe work involved in creating secondary copies 116 can enhancescalability.

The intermediate components can include one or more secondary storagecomputing devices 106 as shown in FIG. 1A and/or one or more mediaagents, which can be software modules operating on correspondingsecondary storage computing devices 106 (or other appropriate computingdevices). Media agents are discussed below (e.g., with respect to FIGS.1C-1E).

The secondary storage computing device(s) 106 can comprise any of thecomputing devices described above, without limitation. In some cases,the secondary storage computing device(s) 106 include specializedhardware and/or software componentry for interacting with the secondarystorage devices 108.

To create a secondary copy 116 involving the copying of data from theprimary storage subsystem 117 to the secondary storage subsystem 118,the client computing device 102 in some embodiments communicates theprimary data 112 to be copied (or a processed version thereof) to thedesignated secondary storage computing device 106, via the communicationpathway 114. The secondary storage computing device 106 in turn conveysthe received data (or a processed version thereof) to the secondarystorage device 108. In some such configurations, the communicationpathway 114 between the client computing device 102 and the secondarystorage computing device 106 comprises a portion of a LAN, WAN or SAN.In other cases, at least some client computing devices 102 communicatedirectly with the secondary storage devices 108 (e.g., via Fibre Channelor SCSI connections). In some other cases, one or more secondary copies116 are created from existing secondary copies, such as in the case ofan auxiliary copy operation, described in greater detail below.

Exemplary Primary Data and an Exemplary Secondary Copy

FIG. 1B is a detailed view showing some specific examples of primarydata stored on the primary storage device(s) 104 and secondary copy datastored on the secondary storage device(s) 108, with other components inthe system removed for the purposes of illustration. Stored on theprimary storage device(s) 104 are primary data objects including wordprocessing documents 119A-B, spreadsheets 120, presentation documents122, video files 124, image files 126, email mailboxes 128 (andcorresponding email messages 129A-C), html/xml or other types of markuplanguage files 130, databases 132 and corresponding tables or other datastructures 133A-133C).

Some or all primary data objects are associated with correspondingmetadata (e.g., “Metal-11”), which may include file system metadataand/or application specific metadata. Stored on the secondary storagedevice(s) 108 are secondary copy data objects 134A-C which may includecopies of or otherwise represent corresponding primary data objects andmetadata.

As shown, the secondary copy data objects 134A-C can individuallyrepresent more than one primary data object. For example, secondary copydata object 134A represents three separate primary data objects 133C,122, and 129C (represented as 133C′, 122′, and 129C′, respectively, andaccompanied by the corresponding metadata Meta11, Meta3, and Meta8,respectively). Moreover, as indicated by the prime mark (′), a secondarycopy object may store a representation of a primary data object and/ormetadata differently than the original format, e.g., in a compressed,encrypted, deduplicated, or other modified format. Likewise, secondarydata object 1346 represents primary data objects 120, 1336, and 119A as120′, 1336′, and 119A′, respectively and accompanied by correspondingmetadata Meta2, Meta10, and Meta1, respectively. Also, secondary dataobject 134C represents primary data objects 133A, 1196, and 129A as133A′, 1196′, and 129A′, respectively, accompanied by correspondingmetadata Meta9, Meta5, and Meta6, respectively.

Exemplary Information Management System Architecture

The information management system 100 can incorporate a variety ofdifferent hardware and software components, which can in turn beorganized with respect to one another in many different configurations,depending on the embodiment. There are critical design choices involvedin specifying the functional responsibilities of the components and therole of each component in the information management system 100. Forinstance, as will be discussed, such design choices can impactperformance as well as the adaptability of the information managementsystem 100 to data growth or other changing circumstances.

FIG. 1C shows an information management system 100 designed according tothese considerations and which includes: storage manager 140, acentralized storage and/or information manager that is configured toperform certain control functions, one or more data agents 142 executingon the client computing device(s) 102 configured to process primary data112, and one or more media agents 144 executing on the one or moresecondary storage computing devices 106 for performing tasks involvingthe secondary storage devices 108. While distributing functionalityamongst multiple computing devices can have certain advantages, in othercontexts it can be beneficial to consolidate functionality on the samecomputing device. As such, in various other embodiments, one or more ofthe components shown in FIG. 1C as being implemented on separatecomputing devices are implemented on the same computing device. In oneconfiguration, a storage manager 140, one or more data agents 142, andone or more media agents 144 are all implemented on the same computingdevice. In another embodiment, one or more data agents 142 and one ormore media agents 144 are implemented on the same computing device,while the storage manager 140 is implemented on a separate computingdevice, etc. without limitation.

Storage Manager

As noted, the number of components in the information management system100 and the amount of data under management can be quite large. Managingthe components and data is therefore a significant task, and a task thatcan grow in an often unpredictable fashion as the quantity of componentsand data scale to meet the needs of the organization. For these andother reasons, according to certain embodiments, responsibility forcontrolling the information management system 100, or at least asignificant portion of that responsibility, is allocated to the storagemanager 140. By distributing control functionality in this manner, thestorage manager 140 can be adapted independently according to changingcircumstances. Moreover, a computing device for hosting the storagemanager 140 can be selected to best suit the functions of the storagemanager 140. These and other advantages are described in further detailbelow with respect to FIG. 1D.

The storage manager 140 may be a software module or other application,which, in some embodiments operates in conjunction with one or moreassociated data structures, e.g., a dedicated database (e.g., managementdatabase 146). In some embodiments, storage manager 140 is a computingdevice comprising circuitry for executing computer instructions andperforms the functions described herein. The storage manager generallyinitiates, performs, coordinates and/or controls storage and otherinformation management operations performed by the informationmanagement system 100, e.g., to protect and control the primary data 112and secondary copies 116 of data and metadata. In general, storagemanager 100 may be said to manage information management system 100,which includes managing the constituent components, e.g., data agentsand media agents, etc.

As shown by the dashed arrowed lines 114 in FIG. 1C, the storage manager140 may communicate with and/or control some or all elements of theinformation management system 100, such as the data agents 142 and mediaagents 144. Thus, in certain embodiments, control information originatesfrom the storage manager 140 and status reporting is transmitted tostorage manager 140 by the various managed components, whereas payloaddata and payload metadata is generally communicated between the dataagents 142 and the media agents 144 (or otherwise between the clientcomputing device(s) 102 and the secondary storage computing device(s)106), e.g., at the direction of and under the management of the storagemanager 140. Control information can generally include parameters andinstructions for carrying out information management operations, suchas, without limitation, instructions to perform a task associated withan operation, timing information specifying when to initiate a taskassociated with an operation, data path information specifying whatcomponents to communicate with or access in carrying out an operation,and the like. Payload data, on the other hand, can include the actualdata involved in the storage operation, such as content data written toa secondary storage device 108 in a secondary copy operation. Payloadmetadata can include any of the types of metadata described herein, andmay be written to a storage device along with the payload content data(e.g., in the form of a header).

In other embodiments, some information management operations arecontrolled by other components in the information management system 100(e.g., the media agent(s) or data agent(s) 142), instead of or incombination with the storage manager 140.

According to certain embodiments, the storage manager 140 provides oneor more of the following functions:

-   -   initiating execution of secondary copy operations;    -   managing secondary storage devices 108 and inventory/capacity of        the same;    -   reporting, searching, and/or classification of data in the        information management system 100;    -   allocating secondary storage devices 108 for secondary storage        operations;    -   monitoring completion of and providing status reporting related        to secondary storage operations;    -   tracking age information relating to secondary copies 116,        secondary storage devices 108, and comparing the age information        against retention guidelines;    -   tracking movement of data within the information management        system 100;    -   tracking logical associations between components in the        information management system 100;    -   protecting metadata associated with the information management        system 100; and    -   implementing operations management functionality.

The storage manager 140 may maintain a database 146 (or “storage managerdatabase 146” or “management database 146”) of management-related dataand information management policies 148. The database 146 may include amanagement index 150 (or “index 150”) or other data structure thatstores logical associations between components of the system, userpreferences and/or profiles (e.g., preferences regarding encryption,compression, or deduplication of primary or secondary copy data,preferences regarding the scheduling, type, or other aspects of primaryor secondary copy or other operations, mappings of particularinformation management users or user accounts to certain computingdevices or other components, etc.), management tasks, mediacontainerization, or other useful data. For example, the storage manager140 may use the index 150 to track logical associations between mediaagents 144 and secondary storage devices 108 and/or movement of datafrom primary storage devices 104 to secondary storage devices 108. Forinstance, the index 150 may store data associating a client computingdevice 102 with a particular media agent 144 and/or secondary storagedevice 108, as specified in an information management policy 148 (e.g.,a storage policy, which is defined in more detail below).

Administrators and other people may be able to configure and initiatecertain information management operations on an individual basis. Butwhile this may be acceptable for some recovery operations or otherrelatively less frequent tasks, it is often not workable forimplementing on-going organization-wide data protection and management.Thus, the information management system 100 may utilize informationmanagement policies 148 for specifying and executing informationmanagement operations (e.g., on an automated basis). Generally, aninformation management policy 148 can include a data structure or otherinformation source that specifies a set of parameters (e.g., criteriaand rules) associated with storage or other information managementoperations.

The storage manager database 146 may maintain the information managementpolicies 148 and associated data, although the information managementpolicies 148 can be stored in any appropriate location. For instance, aninformation management policy 148 such as a storage policy may be storedas metadata in a media agent database 152 or in a secondary storagedevice 108 (e.g., as an archive copy) for use in restore operations orother information management operations, depending on the embodiment.Information management policies 148 are described further below.

According to certain embodiments, the storage manager database 146comprises a relational database (e.g., an SQL database) for trackingmetadata, such as metadata associated with secondary copy operations(e.g., what client computing devices 102 and corresponding data wereprotected). This and other metadata may additionally be stored in otherlocations, such as at the secondary storage computing devices 106 or onthe secondary storage devices 108, allowing data recovery without theuse of the storage manager 140 in some cases.

As shown, the storage manager 140 may include a jobs agent 156, a userinterface 158, and a management agent 154, all of which may beimplemented as interconnected software modules or application programs.

The jobs agent 156 in some embodiments initiates, controls, and/ormonitors the status of some or all storage or other informationmanagement operations previously performed, currently being performed,or scheduled to be performed by the information management system 100.For instance, the jobs agent 156 may access information managementpolicies 148 to determine when and how to initiate and control secondarycopy and other information management operations, as will be discussedfurther.

The user interface 158 may include information processing and displaysoftware, such as a graphical user interface (“GUI”), an applicationprogram interface (“API”), or other interactive interface(s) throughwhich users and system processes can retrieve information about thestatus of information management operations (e.g., storage operations)or issue instructions to the information management system 100 and itsconstituent components. Via the user interface 158, users may optionallyissue instructions to the components in the information managementsystem 100 regarding performance of storage and recovery operations. Forexample, a user may modify a schedule concerning the number of pendingsecondary copy operations. As another example, a user may employ the GUIto view the status of pending storage operations or to monitor thestatus of certain components in the information management system 100(e.g., the amount of capacity left in a storage device).

An “information management cell” (or “storage operation cell” or “cell”)may generally include a logical and/or physical grouping of acombination of hardware and software components associated withperforming information management operations on electronic data,typically one storage manager 140 and at least one client computingdevice 102 (comprising data agent(s) 142) and at least one media agent144. For instance, the components shown in FIG. 1C may together form aninformation management cell. Multiple cells may be organizedhierarchically. With this configuration, cells may inherit propertiesfrom hierarchically superior cells or be controlled by other cells inthe hierarchy (automatically or otherwise). Alternatively, in someembodiments, cells may inherit or otherwise be associated withinformation management policies, preferences, information managementmetrics, or other properties or characteristics according to theirrelative position in a hierarchy of cells. Cells may also be delineatedand/or organized hierarchically according to function, geography,architectural considerations, or other factors useful or desirable inperforming information management operations. A first cell may representa geographic segment of an enterprise, such as a Chicago office, and asecond cell may represent a different geographic segment, such as a NewYork office. Other cells may represent departments within a particularoffice. Where delineated by function, a first cell may perform one ormore first types of information management operations (e.g., one or morefirst types of secondary or other copies), and a second cell may performone or more second types of information management operations (e.g., oneor more second types of secondary or other copies).

The storage manager 140 may also track information that permits it toselect, designate, or otherwise identify content indices, deduplicationdatabases, or similar databases or resources or data sets within itsinformation management cell (or another cell) to be searched in responseto certain queries. Such queries may be entered by the user viainteraction with the user interface 158. In general, the managementagent 154 allows multiple information management cells to communicatewith one another. For example, the information management system 100 insome cases may be one information management cell of a network ofmultiple cells adjacent to one another or otherwise logically related ina WAN or LAN. With this arrangement, the cells may be connected to oneanother through respective management agents 154.

For instance, the management agent 154 can provide the storage manager140 with the ability to communicate with other components within theinformation management system 100 (and/or other cells within a largerinformation management system) via network protocols and applicationprogramming interfaces (“APIs”) including, e.g., HTTP, HTTPS, FTP, REST,virtualization software APIs, cloud service provider APIs, and hostedservice provider APIs. Inter-cell communication and hierarchy isdescribed in greater detail in e.g., U.S. Pat. Nos. 7,747,579 and7,343,453, which are incorporated by reference herein.

Data Agents

As discussed, a variety of different types of applications 110 canoperate on a given client computing device 102, including operatingsystems, database applications, e-mail applications, and virtualmachines, just to name a few. And, as part of the process of creatingand restoring secondary copies 116, the client computing devices 102 maybe tasked with processing and preparing the primary data 112 from thesevarious different applications 110. Moreover, the nature of theprocessing/preparation can differ across clients and application types,e.g., due to inherent structural and formatting differences amongapplications 110.

The one or more data agent(s) 142 are therefore advantageouslyconfigured in some embodiments to assist in the performance ofinformation management operations based on the type of data that isbeing protected, at a client-specific and/or application-specific level.

The data agent 142 may be a software module or component that isgenerally responsible for managing, initiating, or otherwise assistingin the performance of information management operations in informationmanagement system 100, generally as directed by storage manager 140. Forinstance, the data agent 142 may take part in performing data storageoperations such as the copying, archiving, migrating, and/or replicatingof primary data 112 stored in the primary storage device(s) 104. Thedata agent 142 may receive control information from the storage manager140, such as commands to transfer copies of data objects, metadata, andother payload data to the media agents 144.

In some embodiments, a data agent 142 may be distributed between theclient computing device 102 and storage manager 140 (and any otherintermediate components) or may be deployed from a remote location orits functions approximated by a remote process that performs some or allof the functions of data agent 142. In addition, a data agent 142 mayperform some functions provided by a media agent 144, or may performother functions such as encryption and deduplication.

As indicated, each data agent 142 may be specialized for a particularapplication 110, and the system can employ multiple application-specificdata agents 142, each of which may perform information managementoperations (e.g., perform backup, migration, and data recovery)associated with a different application 110. For instance, differentindividual data agents 142 may be designed to handle Microsoft Exchangedata, Lotus Notes data, Microsoft Windows file system data, MicrosoftActive Directory Objects data, SQL Server data, SharePoint data, Oracledatabase data, SAP database data, virtual machines and/or associateddata, and other types of data.

A file system data agent, for example, may handle data files and/orother file system information. If a client computing device 102 has twoor more types of data, a specialized data agent 142 may be used for eachdata type to copy, archive, migrate, and restore the client computingdevice 102 data. For example, to backup, migrate, and/or restore all ofthe data on a Microsoft Exchange server, the client computing device 102may use a Microsoft Exchange Mailbox data agent 142 to back up theExchange mailboxes, a Microsoft Exchange Database data agent 142 to backup the Exchange databases, a Microsoft Exchange Public Folder data agent142 to back up the Exchange Public Folders, and a Microsoft Windows FileSystem data agent 142 to back up the file system of the client computingdevice 102. In such embodiments, these specialized data agents 142 maybe treated as four separate data agents 142 even though they operate onthe same client computing device 102.

Other embodiments may employ one or more generic data agents 142 thatcan handle and process data from two or more different applications 110,or that can handle and process multiple data types, instead of or inaddition to using specialized data agents 142. For example, one genericdata agent 142 may be used to back up, migrate and restore MicrosoftExchange Mailbox data and Microsoft Exchange Database data while anothergeneric data agent may handle Microsoft Exchange Public Folder data andMicrosoft Windows File System data.

Each data agent 142 may be configured to access data and/or metadatastored in the primary storage device(s) 104 associated with the dataagent 142 and process the data as appropriate. For example, during asecondary copy operation, the data agent 142 may arrange or assemble thedata and metadata into one or more files having a certain format (e.g.,a particular backup or archive format) before transferring the file(s)to a media agent 144 or other component. The file(s) may include a listof files or other metadata. Each data agent 142 can also assist inrestoring data or metadata to primary storage devices 104 from asecondary copy 116. For instance, the data agent 142 may operate inconjunction with the storage manager 140 and one or more of the mediaagents 144 to restore data from secondary storage device(s) 108.

Media Agents

As indicated above with respect to FIG. 1A, off-loading certainresponsibilities from the client computing devices 102 to intermediatecomponents such as the media agent(s) 144 can provide a number ofbenefits including improved client computing device 102 operation,faster secondary copy operation performance, and enhanced scalability.In one specific example which will be discussed below in further detail,the media agent 144 can act as a local cache of copied data and/ormetadata that it has stored to the secondary storage device(s) 108,providing improved restore capabilities.

Generally speaking, a media agent 144 may be implemented as a softwaremodule that manages, coordinates, and facilitates the transmission ofdata, as directed by the storage manager 140, between a client computingdevice 102 and one or more secondary storage devices 108. Whereas thestorage manager 140 controls the operation of the information managementsystem 100, the media agent 144 generally provides a portal to secondarystorage devices 108. For instance, other components in the systeminteract with the media agents 144 to gain access to data stored on thesecondary storage devices 108, whether it be for the purposes ofreading, writing, modifying, or deleting data. Moreover, as will bedescribed further, media agents 144 can generate and store informationrelating to characteristics of the stored data and/or metadata, or cangenerate and store other types of information that generally providesinsight into the contents of the secondary storage devices 108.

Media agents 144 can comprise separate nodes in the informationmanagement system 100 (e.g., nodes that are separate from the clientcomputing devices 102, storage manager 140, and/or secondary storagedevices 108). In general, a node within the information managementsystem 100 can be a logically and/or physically separate component, andin some cases is a component that is individually addressable orotherwise identifiable. In addition, each media agent 144 may operate ona dedicated secondary storage computing device 106 in some cases, whilein other embodiments a plurality of media agents 144 operate on the samesecondary storage computing device 106.

A media agent 144 (and corresponding media agent database 152) may beconsidered to be “associated with” a particular secondary storage device108 if that media agent 144 is capable of one or more of: routing and/orstoring data to the particular secondary storage device 108,coordinating the routing and/or storing of data to the particularsecondary storage device 108, retrieving data from the particularsecondary storage device 108, coordinating the retrieval of data from aparticular secondary storage device 108, and modifying and/or deletingdata retrieved from the particular secondary storage device 108.

While media agent(s) 144 are generally associated with one or moresecondary storage devices 108, one or more media agents 144 in certainembodiments are physically separate from the secondary storage devices108. For instance, the media agents 144 may operate on secondary storagecomputing devices 106 having different housings or packages than thesecondary storage devices 108. In one example, a media agent 144operates on a first server computer and is in communication with asecondary storage device(s) 108 operating in a separate, rack-mountedRAID-based system.

Where the information management system 100 includes multiple mediaagents 144 (see, e.g., FIG. 1D), a first media agent 144 may providefailover functionality for a second, failed media agent 144. Inaddition, media agents 144 can be dynamically selected for storageoperations to provide load balancing. Failover and load balancing aredescribed in greater detail below.

In operation, a media agent 144 associated with a particular secondarystorage device 108 may instruct the secondary storage device 108 toperform an information management operation. For instance, a media agent144 may instruct a tape library to use a robotic arm or other retrievalmeans to load or eject a certain storage media, and to subsequentlyarchive, migrate, or retrieve data to or from that media, e.g., for thepurpose of restoring the data to a client computing device 102. Asanother example, a secondary storage device 108 may include an array ofhard disk drives or solid state drives organized in a RAIDconfiguration, and the media agent 144 may forward a logical unit number(LUN) and other appropriate information to the array, which uses thereceived information to execute the desired storage operation. The mediaagent 144 may communicate with a secondary storage device 108 via asuitable communications link, such as a SCSI or Fiber Channel link.

As shown, each media agent 144 may maintain an associated media agentdatabase 152. The media agent database 152 may be stored in a disk orother storage device (not shown) that is local to the secondary storagecomputing device 106 on which the media agent 144 operates. In othercases, the media agent database 152 is stored remotely from thesecondary storage computing device 106.

The media agent database 152 can include, among other things, an index153 (see, e.g., FIG. 1C), which comprises information generated duringsecondary copy operations and other storage or information managementoperations. The index 153 provides a media agent 144 or other componentwith a fast and efficient mechanism for locating secondary copies 116 orother data stored in the secondary storage devices 108. In some cases,the index 153 does not form a part of and is instead separate from themedia agent database 152.

A media agent index 153 or other data structure associated with theparticular media agent 144 may include information about the storeddata. For instance, for each secondary copy 116, the index 153 mayinclude metadata such as a list of the data objects (e.g.,files/subdirectories, database objects, mailbox objects, etc.), a pathto the secondary copy 116 on the corresponding secondary storage device108, location information indicating where the data objects are storedin the secondary storage device 108, when the data objects were createdor modified, etc. Thus, the index 153 includes metadata associated withthe secondary copies 116 that is readily available for use withouthaving to be first retrieved from the secondary storage device 108. Inyet further embodiments, some or all of the information in index 153 mayinstead or additionally be stored along with the secondary copies ofdata in a secondary storage device 108. In some embodiments, thesecondary storage devices 108 can include sufficient information toperform a “bare metal restore”, where the operating system of a failedclient computing device 102 or other restore target is automaticallyrebuilt as part of a restore operation.

Because the index 153 maintained in the media agent database 152 mayoperate as a cache, it can also be referred to as “an index cache.” Insuch cases, information stored in the index cache 153 typicallycomprises data that reflects certain particulars about storageoperations that have occurred relatively recently. After some triggeringevent, such as after a certain period of time elapses, or the indexcache 153 reaches a particular size, the index cache 153 may be copiedor migrated to a secondary storage device(s) 108. This information mayneed to be retrieved and uploaded back into the index cache 153 orotherwise restored to a media agent 144 to facilitate retrieval of datafrom the secondary storage device(s) 108. In some embodiments, thecached information may include format or containerization informationrelated to archives or other files stored on the storage device(s) 108.In this manner, the index cache 153 allows for accelerated restores.

In some alternative embodiments the media agent 144 generally acts as acoordinator or facilitator of storage operations between clientcomputing devices 102 and corresponding secondary storage devices 108,but does not actually write the data to the secondary storage device108. For instance, the storage manager 140 (or the media agent 144) mayinstruct a client computing device 102 and secondary storage device 108to communicate with one another directly. In such a case the clientcomputing device 102 transmits the data directly or via one or moreintermediary components to the secondary storage device 108 according tothe received instructions, and vice versa. In some such cases, the mediaagent 144 may still receive, process, and/or maintain metadata relatedto the storage operations. Moreover, in these embodiments, the payloaddata can flow through the media agent 144 for the purposes of populatingthe index cache 153 maintained in the media agent database 152, but notfor writing to the secondary storage device 108.

The media agent 144 and/or other components such as the storage manager140 may in some cases incorporate additional functionality, such as dataclassification, content indexing, deduplication, encryption,compression, and the like. Further details regarding these and otherfunctions are described below.

Distributed, Scalable Architecture

As described, certain functions of the information management system 100can be distributed amongst various physical and/or logical components inthe system. For instance, one or more of the storage manager 140, dataagents 142, and media agents 144 may operate on computing devices thatare physically separate from one another. This architecture can providea number of benefits.

For instance, hardware and software design choices for each distributedcomponent can be targeted to suit its particular function. The secondarycomputing devices 106 on which the media agents 144 operate can betailored for interaction with associated secondary storage devices 108and provide fast index cache operation, among other specific tasks.Similarly, the client computing device(s) 102 can be selected toeffectively service the applications 110 thereon, in order toefficiently produce and store primary data 112.

Moreover, in some cases, one or more of the individual components in theinformation management system 100 can be distributed to multiple,separate computing devices. As one example, for large file systems wherethe amount of data stored in the management database 146 is relativelylarge, the database 146 may be migrated to or otherwise reside on aspecialized database server (e.g., an SQL server) separate from a serverthat implements the other functions of the storage manager 140. Thisdistributed configuration can provide added protection because thedatabase 146 can be protected with standard database utilities (e.g.,SQL log shipping or database replication) independent from otherfunctions of the storage manager 140. The database 146 can beefficiently replicated to a remote site for use in the event of adisaster or other data loss at the primary site. Or the database 146 canbe replicated to another computing device within the same site, such asto a higher performance machine in the event that a storage manager hostdevice can no longer service the needs of a growing informationmanagement system 100.

The distributed architecture also provides both scalability andefficient component utilization. FIG. 1D shows an embodiment of theinformation management system 100 including a plurality of clientcomputing devices 102 and associated data agents 142 as well as aplurality of secondary storage computing devices 106 and associatedmedia agents 144.

Additional components can be added or subtracted based on the evolvingneeds of the information management system 100. For instance, dependingon where bottlenecks are identified, administrators can add additionalclient computing devices 102, secondary storage computing devices 106(and corresponding media agents 144), and/or secondary storage devices108. Moreover, where multiple fungible components are available, loadbalancing can be implemented to dynamically address identifiedbottlenecks. As an example, the storage manager 140 may dynamicallyselect which media agents 144 and/or secondary storage devices 108 touse for storage operations based on a processing load analysis of themedia agents 144 and/or secondary storage devices 108, respectively.

Moreover, each client computing device 102 in some embodiments cancommunicate with, among other components, any of the media agents 144,e.g., as directed by the storage manager 140. And each media agent 144may be able to communicate with, among other components, any of thesecondary storage devices 108, e.g., as directed by the storage manager140. Thus, operations can be routed to the secondary storage devices 108in a dynamic and highly flexible manner, to provide load balancing,failover, and the like. Further examples of scalable systems capable ofdynamic storage operations, and of systems capable of performing loadbalancing and fail over are provided in U.S. Pat. No. 7,246,207, whichis incorporated by reference herein.

In alternative configurations, certain components are not distributedand may instead reside and execute on the same computing device. Forexample, in some embodiments, one or more data agents 142 and thestorage manager 140 operate on the same client computing device 102. Inanother embodiment, one or more data agents 142 and one or more mediaagents 144 operate on a single computing device.

Exemplary Types of Information Management Operations

In order to protect and leverage stored data, the information managementsystem 100 can be configured to perform a variety of informationmanagement operations. As will be described, these operations cangenerally include secondary copy and other data movement operations,processing and data manipulation operations, analysis, reporting, andmanagement operations. The operations described herein may be performedon any type of computing device, e.g., between two computers connectedvia a LAN, to a mobile client telecommunications device connected to aserver via a WLAN, to any manner of client computing device coupled to acloud storage target, etc., without limitation.

Data Movement Operations

Data movement operations according to certain embodiments are generallyoperations that involve the copying or migration of data (e.g., payloaddata) between different locations in the information management system100 in an original/native and/or one or more different formats. Forexample, data movement operations can include operations in which storeddata is copied, migrated, or otherwise transferred from one or morefirst storage devices to one or more second storage devices, such asfrom primary storage device(s) 104 to secondary storage device(s) 108,from secondary storage device(s) 108 to different secondary storagedevice(s) 108, from secondary storage devices 108 to primary storagedevices 104, or from primary storage device(s) 104 to different primarystorage device(s) 104.

Data movement operations can include by way of example, backupoperations, archive operations, information lifecycle managementoperations such as hierarchical storage management operations,replication operations (e.g., continuous data replication operations),snapshot operations, deduplication or single-instancing operations,auxiliary copy operations, and the like. As will be discussed, some ofthese operations involve the copying, migration or other movement ofdata, without actually creating multiple, distinct copies. Nonetheless,some or all of these operations are referred to as “copy” operations forsimplicity.

Backup Operations

A backup operation creates a copy of a version of data (e.g., one ormore files or other data units) in primary data 112 at a particularpoint in time. Each subsequent backup copy may be maintainedindependently of the first. Further, a backup copy in some embodimentsis generally stored in a form that is different than the native format,e.g., a backup format. This can be in contrast to the version in primarydata 112 from which the backup copy is derived, and which may instead bestored in a native format of the source application(s) 110. In variouscases, backup copies can be stored in a format in which the data iscompressed, encrypted, deduplicated, and/or otherwise modified from theoriginal application format. For example, a backup copy may be stored ina backup format that facilitates compression and/or efficient long-termstorage.

Backup copies can have relatively long retention periods as compared toprimary data 112, and may be stored on media with slower retrieval timesthan primary data 112 and certain other types of secondary copies 116.On the other hand, backups may have relatively shorter retention periodsthan some other types of secondary copies 116, such as archive copies(described below). Backups may sometimes be stored at on offsitelocation.

Backup operations can include full backups, differential backups,incremental backups, “synthetic full” backups, and/or creating a“reference copy.” A full backup (or “standard full backup”) in someembodiments is generally a complete image of the data to be protected.However, because full backup copies can consume a relatively largeamount of storage, it can be useful to use a full backup copy as abaseline and only store changes relative to the full backup copy forsubsequent backup copies.

For instance, a differential backup operation (or cumulative incrementalbackup operation) tracks and stores changes that have occurred since thelast full backup. Differential backups can grow quickly in size, but canprovide relatively efficient restore times because a restore can becompleted in some cases using only the full backup copy and the latestdifferential copy.

An incremental backup operation generally tracks and stores changessince the most recent backup copy of any type, which can greatly reducestorage utilization. In some cases, however, restore times can berelatively long in comparison to full or differential backups becausecompleting a restore operation may involve accessing a full backup inaddition to multiple incremental backups.

Synthetic full backups generally consolidate data without directlybacking up data from the client computing device. A synthetic fullbackup is created from the most recent full backup (i.e., standard orsynthetic) and subsequent incremental and/or differential backups. Theresulting synthetic full backup is identical to what would have beencreated had the last backup for the subclient been a standard fullbackup. Unlike standard full, incremental, and differential backups, asynthetic full backup does not actually transfer data from a clientcomputer to the backup media, because it operates as a backupconsolidator. A synthetic full backup extracts the index data of eachparticipating subclient. Using this index data and the previously backedup user data images, it builds new full backup images, one for eachsubclient. The new backup images consolidate the index and user datastored in the related incremental, differential, and previous fullbackups, in some embodiments creating an archive file at the subclientlevel.

Any of the above types of backup operations can be at the volume-level,file-level, or block-level. Volume level backup operations generallyinvolve the copying of a data volume (e.g., a logical disk or partition)as a whole. In a file-level backup, the information management system100 may generally track changes to individual files, and includes copiesof files in the backup copy. In the case of a block-level backup, filesare broken into constituent blocks, and changes are tracked at theblock-level. Upon restore, the information management system 100reassembles the blocks into files in a transparent fashion.

Far less data may actually be transferred and copied to the secondarystorage devices 108 during a file-level copy than a volume-level copy.Likewise, a block-level copy may involve the transfer of less data thana file-level copy, resulting in faster execution times. However,restoring a relatively higher-granularity copy can result in longerrestore times. For instance, when restoring a block-level copy, theprocess of locating constituent blocks can sometimes result in longerrestore times as compared to file-level backups. Similar to backupoperations, the other types of secondary copy operations describedherein can also be implemented at either the volume-level, file-level,or block-level.

For example, in some embodiments, a reference copy may comprisecopy(ies) of selected objects from backed up data, typically to helporganize data by keeping contextual information from multiple sourcestogether, and/or help retain specific data for a longer period of time,such as for legal hold needs. A reference copy generally maintains dataintegrity, and when the data is restored, it may be viewed in the sameformat as the source data. In some embodiments, a reference copy isbased on a specialized client, individual subclient and associatedinformation management policies (e.g., storage policy, retention policy,etc.) that are administered within information management system 100.

Archive Operations

Because backup operations generally involve maintaining a version of thecopied data in primary data 112 and also maintaining backup copies insecondary storage device(s) 108, they can consume significant storagecapacity. To help reduce storage consumption, an archive operationaccording to certain embodiments creates a secondary copy 116 by bothcopying and removing source data. Or, seen another way, archiveoperations can involve moving some or all of the source data to thearchive destination. Thus, data satisfying criteria for removal (e.g.,data of a threshold age or size) may be removed from source storage. Thesource data may be primary data 112 or a secondary copy 116, dependingon the situation. As with backup copies, archive copies can be stored ina format in which the data is compressed, encrypted, deduplicated,and/or otherwise modified from the format of the original application orsource copy. In addition, archive copies may be retained for relativelylong periods of time (e.g., years) and, in some cases, are neverdeleted. Archive copies are generally retained for longer periods oftime than backup copies, for example. In certain embodiments, archivecopies may be made and kept for extended periods in order to meetcompliance regulations.

Moreover, when primary data 112 is archived, in some cases thecorresponding primary data 112 or a portion thereof is deleted whencreating the archive copy. Thus, archiving can serve the purpose offreeing up space in the primary storage device(s) 104 and easing thedemand on computational resources on client computing device 102.Similarly, when a secondary copy 116 is archived, the secondary copy 116may be deleted, and an archive copy can therefore serve the purpose offreeing up space in secondary storage device(s) 108. In contrast, sourcecopies often remain intact when creating backup copies. Examples ofcompatible data archiving operations are provided in U.S. Pat. No.7,107,298, which is incorporated by reference herein.

Snapshot Operations

Snapshot operations can provide a relatively lightweight, efficientmechanism for protecting data. From an end-user viewpoint, a snapshotmay be thought of as an “instant” image of the primary data 112 at agiven point in time, and may include state and/or status informationrelative to an application that creates/manages the primary data. In oneembodiment, a snapshot may generally capture the directory structure ofan object in primary data 112 such as a file or volume or other data setat a particular moment in time and may also preserve file attributes andcontents. A snapshot in some cases is created relatively quickly, e.g.,substantially instantly, using a minimum amount of file space, but maystill function as a conventional file system backup.

A “hardware snapshot” (or “hardware-based snapshot”) operation can be asnapshot operation where a target storage device (e.g., a primarystorage device 104 or a secondary storage device 108) performs thesnapshot operation in a self-contained fashion, substantiallyindependently, using hardware, firmware and/or software operating on thestorage device itself. For instance, the storage device may be capableof performing snapshot operations upon request, generally withoutintervention or oversight from any of the other components in theinformation management system 100. In this manner, hardware snapshotscan off-load other components of information management system 100 fromprocessing involved in snapshot creation and management.

A “software snapshot” (or “software-based snapshot”) operation, on theother hand, can be a snapshot operation in which one or more othercomponents in information management system 100 (e.g., client computingdevices 102, data agents 142, etc.) implement a software layer thatmanages the snapshot operation via interaction with the target storagedevice. For instance, the component executing the snapshot managementsoftware layer may derive a set of pointers and/or data that representsthe snapshot. The snapshot management software layer may then transmitthe same to the target storage device, along with appropriateinstructions for writing the snapshot.

Some types of snapshots do not actually create another physical copy ofall the data as it existed at the particular point in time, but maysimply create pointers that are able to map files and directories tospecific memory locations (e.g., to specific disk blocks) where the dataresides, as it existed at the particular point in time. For example, asnapshot copy may include a set of pointers derived from the file systemor from an application. In some other cases, the snapshot may be createdat the block-level, such that creation of the snapshot occurs withoutawareness of the file system. Each pointer points to a respective storeddata block, so that collectively, the set of pointers reflect thestorage location and state of the data object (e.g., file(s) orvolume(s) or data set(s)) at a particular point in time when thesnapshot copy was created.

An initial snapshot may use only a small amount of disk space needed torecord a mapping or other data structure representing or otherwisetracking the blocks that correspond to the current state of the filesystem. Additional disk space is usually required only when files anddirectories are modified later on. Furthermore, when files are modified,typically only the pointers which map to blocks are copied, not theblocks themselves. In some embodiments, for example in the case of“copy-on-write” snapshots, when a block changes in primary storage, theblock is copied to secondary storage or cached in primary storage beforethe block is overwritten in primary storage, and the pointer to thatblock changed to reflect the new location of that block. The snapshotmapping of file system data may also be updated to reflect the changedblock(s) at that particular point in time. In some other cases, asnapshot includes a full physical copy of all or substantially all ofthe data represented by the snapshot. Further examples of snapshotoperations are provided in U.S. Pat. No. 7,529,782, which isincorporated by reference herein.

A snapshot copy in many cases can be made quickly and withoutsignificantly impacting primary computing resources because largeamounts of data need not be copied or moved. In some embodiments, asnapshot may exist as a virtual file system, parallel to the actual filesystem. Users in some cases gain read-only access to the record of filesand directories of the snapshot. By electing to restore primary data 112from a snapshot taken at a given point in time, users may also returnthe current file system to the state of the file system that existedwhen the snapshot was taken.

Replication Operations

Another type of secondary copy operation is a replication operation.Some types of secondary copies 116 are used to periodically captureimages of primary data 112 at particular points in time (e.g., backups,archives, and snapshots). However, it can also be useful for recoverypurposes to protect primary data 112 in a more continuous fashion, byreplicating the primary data 112 substantially as changes occur. In somecases a replication copy can be a mirror copy, for instance, wherechanges made to primary data 112 are mirrored or substantiallyimmediately copied to another location (e.g., to secondary storagedevice(s) 108). By copying each write operation to the replication copy,two storage systems are kept synchronized or substantially synchronizedso that they are virtually identical at approximately the same time.Where entire disk volumes are mirrored, however, mirroring can requiresignificant amount of storage space and utilizes a large amount ofprocessing resources.

According to some embodiments storage operations are performed onreplicated data that represents a recoverable state, or “known goodstate” of a particular application running on the source system. Forinstance, in certain embodiments, known good replication copies may beviewed as copies of primary data 112. This feature allows the system todirectly access, copy, restore, backup or otherwise manipulate thereplication copies as if the data were the “live” primary data 112. Thiscan reduce access time, storage utilization, and impact on sourceapplications 110, among other benefits. Based on known good stateinformation, the information management system 100 can replicatesections of application data that represent a recoverable state ratherthan rote copying of blocks of data. Examples of compatible replicationoperations (e.g., continuous data replication) are provided in U.S. Pat.No. 7,617,262, which is incorporated by reference herein.

Deduplication/Single-Instancing Operations

Another type of data movement operation is deduplication orsingle-instance storage, which is useful to reduce the amount ofnon-primary data. For instance, some or all of the above-describedsecondary storage operations can involve deduplication in some fashion.New data is read, broken down into portions (e.g., sub-file levelblocks, files, etc.) of a selected granularity, compared with blocksthat are already in secondary storage, and only the new blocks arestored. Blocks that already exist are represented as pointers to thealready stored data.

In order to streamline the comparison process, the informationmanagement system 100 may calculate and/or store signatures (e.g.,hashes or cryptographically unique IDs) corresponding to the individualdata blocks in a database and compare the signatures instead ofcomparing entire data blocks. In some cases, only a single instance ofeach element is stored, and deduplication operations may therefore bereferred to interchangeably as “single-instancing” operations. Dependingon the implementation, however, deduplication or single-instancingoperations can store more than one instance of certain data blocks, butnonetheless significantly reduce data redundancy. Depending on theembodiment, deduplication blocks can be of fixed or variable length.Using variable length blocks can provide enhanced deduplication byresponding to changes in the data stream, but can involve complexprocessing. In some cases, the information management system 100utilizes a technique for dynamically aligning deduplication blocks(e.g., fixed-length blocks) based on changing content in the datastream, as described in U.S. Pat. No. 8,364,652, which is incorporatedby reference herein.

The information management system 100 can perform deduplication in avariety of manners at a variety of locations in the informationmanagement system 100. For instance, in some embodiments, theinformation management system 100 implements “target-side” deduplicationby deduplicating data (e.g., secondary copies 116) stored in thesecondary storage devices 108. In some such cases, the media agents 144are generally configured to manage the deduplication process. Forinstance, one or more of the media agents 144 maintain a correspondingdeduplication database that stores deduplication information (e.g.,datablock signatures). Examples of such a configuration are provided inU.S. Pat. Pub. No. 2012/0150826, which is incorporated by referenceherein. Instead of or in combination with “target-side” deduplication,deduplication can also be performed on the “source-side” (or“client-side”), e.g., to reduce the amount of traffic between the mediaagents 144 and the client computing device(s) 102 and/or reduceredundant data stored in the primary storage devices 104. According tovarious implementations, one or more of the storage devices of thetarget-side and/or source-side of an operation can be cloud-basedstorage devices. Thus, the target-side and/or source-side deduplicationcan be cloud-based deduplication. In particular, as discussedpreviously, the storage manager 140 may communicate with othercomponents within the information management system 100 via networkprotocols and cloud service provider APIs to facilitate cloud-baseddeduplication/single instancing. Examples of such deduplicationtechniques are provided in U.S. Pat. Pub. No. 2012/0150818, which isincorporated by reference herein. Some other compatiblededuplication/single instancing techniques are described in U.S. Pat.Pub. Nos. 2006/0224846 and 2009/0319534, which are incorporated byreference herein.

Information Lifecycle Management and Hierarchical Storage ManagementOperations

In some embodiments, files and other data over their lifetime move frommore expensive, quick access storage to less expensive, slower accessstorage. Operations associated with moving data through various tiers ofstorage are sometimes referred to as information lifecycle management(ILM) operations.

One type of ILM operation is a hierarchical storage management (HSM)operation. A HSM operation is generally an operation for automaticallymoving data between classes of storage devices, such as betweenhigh-cost and low-cost storage devices. For instance, an HSM operationmay involve movement of data from primary storage devices 104 tosecondary storage devices 108, or between tiers of secondary storagedevices 108. With each tier, the storage devices may be progressivelyrelatively cheaper, have relatively slower access/restore times, etc.For example, movement of data between tiers may occur as data becomesless important over time.

In some embodiments, an HSM operation is similar to an archive operationin that creating an HSM copy may (though not always) involve deletingsome of the source data, e.g., according to one or more criteria relatedto the source data. For example, an HSM copy may include data fromprimary data 112 or a secondary copy 116 that is larger than a givensize threshold or older than a given age threshold and that is stored ina backup format.

Often, and unlike some types of archive copies, HSM data that is removedor aged from the source is replaced by a logical reference pointer orstub. The reference pointer or stub can be stored in the primary storagedevice 104 (or other source storage device, such as a secondary storagedevice 108) to replace the deleted source data and to point to orotherwise indicate the new location in a secondary storage device 108.

According to one example, files are generally moved between higher andlower cost storage depending on how often the files are accessed. When auser requests access to the HSM data that has been removed or migrated,the information management system 100 uses the stub to locate the dataand may make recovery of the data appear transparent, even though theHSM data may be stored at a location different from other source data.In this manner, the data appears to the user (e.g., in file systembrowsing windows and the like) as if it still resides in the sourcelocation (e.g., in a primary storage device 104). The stub may alsoinclude some metadata associated with the corresponding data, so that afile system and/or application can provide some information about thedata object and/or a limited-functionality version (e.g., a preview) ofthe data object.

An HSM copy may be stored in a format other than the native applicationformat (e.g., where the data is compressed, encrypted, deduplicated,and/or otherwise modified from the original native application format).In some cases, copies which involve the removal of data from sourcestorage and the maintenance of stub or other logical referenceinformation on source storage may be referred to generally as “on-linearchive copies”. On the other hand, copies which involve the removal ofdata from source storage without the maintenance of stub or otherlogical reference information on source storage may be referred to as“off-line archive copies”. Examples of HSM and ILM techniques areprovided in U.S. Pat. No. 7,343,453, which is incorporated by referenceherein.

Auxiliary Copy and Disaster Recovery Operations

An auxiliary copy is generally a copy operation in which a copy iscreated of an existing secondary copy 116. For instance, an initialsecondary copy 116 may be generated using or otherwise be derived fromprimary data 112 (or other data residing in the secondary storagesubsystem 118), whereas an auxiliary copy is generated from the initialsecondary copy 116. Auxiliary copies can be used to create additionalstandby copies of data and may reside on different secondary storagedevices 108 than the initial secondary copies 116. Thus, auxiliarycopies can be used for recovery purposes if initial secondary copies 116become unavailable. Exemplary compatible auxiliary copy techniques aredescribed in further detail in U.S. Pat. No. 8,230,195, which isincorporated by reference herein.

The information management system 100 may also perform disaster recoveryoperations that make or retain disaster recovery copies, often assecondary, high-availability disk copies. The information managementsystem 100 may create secondary disk copies and store the copies atdisaster recovery locations using auxiliary copy or replicationoperations, such as continuous data replication technologies. Dependingon the particular data protection goals, disaster recovery locations canbe remote from the client computing devices 102 and primary storagedevices 104, remote from some or all of the secondary storage devices108, or both.

Data Analysis, Reporting, and Management Operations

Data analysis, reporting, and management operations can be differentthan data movement operations in that they do not necessarily involvethe copying, migration or other transfer of data (e.g., primary data 112or secondary copies 116) between different locations in the system. Forinstance, data analysis operations may involve processing (e.g., offlineprocessing) or modification of already stored primary data 112 and/orsecondary copies 116. However, in some embodiments data analysisoperations are performed in conjunction with data movement operations.Some data analysis operations include content indexing operations andclassification operations which can be useful in leveraging the dataunder management to provide enhanced search and other features.

Other data analysis operations such as compression and encryption canprovide data reduction and security benefits, respectively.

Classification Operations/Content Indexing

In some embodiments, the information management system 100 analyzes andindexes characteristics, content, and metadata associated with theprimary data 112 and/or secondary copies 116. The content indexing canbe used to identify files or other data objects having pre-definedcontent (e.g., user-defined keywords or phrases, other keywords/phrasesthat are not defined by a user, etc.), and/or metadata (e.g., emailmetadata such as “to”, “from”, “cc”, “bcc”, attachment name, receivedtime, etc.).

The information management system 100 generally organizes and cataloguesthe results in a content index, which may be stored within the mediaagent database 152, for example. The content index can also include thestorage locations of (or pointer references to) the indexed data in theprimary data 112 or secondary copies 116, as appropriate. The resultsmay also be stored, in the form of a content index database orotherwise, elsewhere in the information management system 100 (e.g., inthe primary storage devices 104, or in the secondary storage device108). Such index data provides the storage manager 140 or anothercomponent with an efficient mechanism for locating primary data 112and/or secondary copies 116 of data objects that match particularcriteria.

For instance, search criteria can be specified by a user through userinterface 158 of the storage manager 140. In some cases, the informationmanagement system 100 analyzes data and/or metadata in secondary copies116 to create an “off-line” content index, without significantlyimpacting the performance of the client computing devices 102. Dependingon the embodiment, the system can also implement “on-line” contentindexing, e.g., of primary data 112. Examples of compatible contentindexing techniques are provided in U.S. Pat. No. 8,170,995, which isincorporated by reference herein.

One or more components can be configured to scan data and/or associatedmetadata for classification purposes to populate a database (or otherdata structure) of information, which can be referred to as a “dataclassification database” or a “metabase”. Depending on the embodiment,the data classification database(s) can be organized in a variety ofdifferent ways, including centralization, logical sub-divisions, and/orphysical sub-divisions. For instance, one or more centralized dataclassification databases may be associated with different subsystems ortiers within the information management system 100. As an example, theremay be a first centralized metabase associated with the primary storagesubsystem 117 and a second centralized metabase associated with thesecondary storage subsystem 118. In other cases, there may be one ormore metabases associated with individual components, e.g., clientcomputing devices 102 and/or media agents 144. In some embodiments, adata classification database (metabase) may reside as one or more datastructures within management database 146, or may be otherwiseassociated with storage manager 140.

In some cases, the metabase(s) may be included in separate database(s)and/or on separate storage device(s) from primary data 112 and/orsecondary copies 116, such that operations related to the metabase donot significantly impact performance on other components in theinformation management system 100. In other cases, the metabase(s) maybe stored along with primary data 112 and/or secondary copies 116. Filesor other data objects can be associated with identifiers (e.g., tagentries, etc.) in the media agent 144 (or other indices) to facilitatesearches of stored data objects. Among a number of other benefits, themetabase can also allow efficient, automatic identification of files orother data objects to associate with secondary copy or other informationmanagement operations (e.g., in lieu of scanning an entire file system).Examples of compatible metabases and data classification operations areprovided in U.S. Pat. Nos. 8,229,954 and 7,747,579, which areincorporated by reference herein.

Encryption Operations

The information management system 100 in some cases is configured toprocess data (e.g., files or other data objects, secondary copies 116,etc.), according to an appropriate encryption algorithm (e.g., Blowfish,Advanced Encryption Standard [AES], Triple Data Encryption Standard[3-DES], etc.) to limit access and provide data security in theinformation management system 100. The information management system 100in some cases encrypts the data at the client level, such that theclient computing devices 102 (e.g., the data agents 142) encrypt thedata prior to forwarding the data to other components, e.g., beforesending the data to media agents 144 during a secondary copy operation.In such cases, the client computing device 102 may maintain or haveaccess to an encryption key or passphrase for decrypting the data uponrestore. Encryption can also occur when creating copies of secondarycopies, e.g., when creating auxiliary copies or archive copies. In yetfurther embodiments, the secondary storage devices 108 can implementbuilt-in, high performance hardware encryption.

Management and Reporting Operations

Certain embodiments leverage the integrated, ubiquitous nature of theinformation management system 100 to provide useful system-widemanagement and reporting functions. Examples of some compatiblemanagement and reporting techniques are provided in U.S. Pat. No.7,343,453, which is incorporated by reference herein.

Operations management can generally include monitoring and managing thehealth and performance of information management system 100 by, withoutlimitation, performing error tracking, generating granularstorage/performance metrics (e.g., job success/failure information,deduplication efficiency, etc.), generating storage modeling and costinginformation, and the like. As an example, a storage manager 140 or othercomponent in the information management system 100 may analyze trafficpatterns and suggest and/or automatically route data via a particularroute to minimize congestion. In some embodiments, the system cangenerate predictions relating to storage operations or storage operationinformation. Such predictions, which may be based on a trendinganalysis, may predict various network operations or resource usage, suchas network traffic levels, storage media use, use of bandwidth ofcommunication links, use of media agent components, etc. Furtherexamples of traffic analysis, trend analysis, prediction generation, andthe like are described in U.S. Pat. No. 7,343,453, which is incorporatedby reference herein.

In some configurations, a master storage manager 140 may track thestatus of storage operation cells in a hierarchy, such as the status ofjobs, system components, system resources, and other items, bycommunicating with storage managers 140 (or other components) in therespective storage operation cells. Moreover, the master storage manager140 may track the status of its associated storage operation cells andinformation management operations by receiving periodic status updatesfrom the storage managers 140 (or other components) in the respectivecells regarding jobs, system components, system resources, and otheritems. In some embodiments, a master storage manager 140 may storestatus information and other information regarding its associatedstorage operation cells and other system information in its index 150(or other location).

The master storage manager 140 or other component may also determinewhether certain storage-related criteria or other criteria aresatisfied, and perform an action or trigger event (e.g., data migration)in response to the criteria being satisfied, such as where a storagethreshold is met for a particular volume, or where inadequate protectionexists for certain data. For instance, in some embodiments, data fromone or more storage operation cells is used to dynamically andautomatically mitigate recognized risks, and/or to advise users of risksor suggest actions to mitigate these risks. For example, an informationmanagement policy may specify certain requirements (e.g., that a storagedevice should maintain a certain amount of free space, that secondarycopies should occur at a particular interval, that data should be agedand migrated to other storage after a particular period, that data on asecondary volume should always have a certain level of availability andbe restorable within a given time period, that data on a secondaryvolume may be mirrored or otherwise migrated to a specified number ofother volumes, etc.). If a risk condition or other criterion istriggered, the system may notify the user of these conditions and maysuggest (or automatically implement) an action to mitigate or otherwiseaddress the risk. For example, the system may indicate that data from aprimary copy 112 should be migrated to a secondary storage device 108 tofree space on the primary storage device 104. Examples of the use ofrisk factors and other triggering criteria are described in U.S. Pat.No. 7,343,453, which is incorporated by reference herein.

In some embodiments, the system 100 may also determine whether a metricor other indication satisfies particular storage criteria and, if so,perform an action. For example, as previously described, a storagepolicy or other definition might indicate that a storage manager 140should initiate a particular action if a storage metric or otherindication drops below or otherwise fails to satisfy specified criteriasuch as a threshold of data protection. Examples of such metrics aredescribed in U.S. Pat. No. 7,343,453, which is incorporated by referenceherein.

In some embodiments, risk factors may be quantified into certainmeasurable service or risk levels for ease of comprehension. Forexample, certain applications and associated data may be considered tobe more important by an enterprise than other data and services.Financial compliance data, for example, may be of greater importancethan marketing materials, etc. Network administrators may assignpriority values or “weights” to certain data and/or applications,corresponding to the relative importance. The level of compliance ofstorage operations specified for these applications may also be assigneda certain value. Thus, the health, impact, and overall importance of aservice may be determined, such as by measuring the compliance value andcalculating the product of the priority value and the compliance valueto determine the “service level” and comparing it to certain operationalthresholds to determine whether it is acceptable. Further examples ofthe service level determination are provided in U.S. Pat. No. 7,343,453,which is incorporated by reference herein.

The system 100 may additionally calculate data costing and dataavailability associated with information management operation cellsaccording to an embodiment of the invention. For instance, data receivedfrom the cell may be used in conjunction with hardware-relatedinformation and other information about system elements to determine thecost of storage and/or the availability of particular data in thesystem. Exemplary information generated could include how fast aparticular department is using up available storage space, how long datawould take to recover over a particular system pathway from a particularsecondary storage device, costs over time, etc. Moreover, in someembodiments, such information may be used to determine or predict theoverall cost associated with the storage of certain information. Thecost associated with hosting a certain application may be based, atleast in part, on the type of media on which the data resides, forexample. Storage devices may be assigned to a particular costcategories, for example. Further examples of costing techniques aredescribed in U.S. Pat. No. 7,343,453, which is incorporated by referenceherein.

Any of the above types of information (e.g., information related totrending, predictions, job, cell or component status, risk, servicelevel, costing, etc.) can generally be provided to users via the userinterface 158 in a single, integrated view or console (not shown). Theconsole may support a reporting capability that allows for thegeneration of a variety of reports, which may be tailored to aparticular aspect of information management. Report types may include:scheduling, event management, media management and data aging. Availablereports may also include backup history, data aging history, auxiliarycopy history, job history, library and drive, media in library, restorehistory, and storage policy, etc., without limitation. Such reports maybe specified and created at a certain point in time as a systemanalysis, forecasting, or provisioning tool. Integrated reports may alsobe generated that illustrate storage and performance metrics, risks andstorage costing information. Moreover, users may create their ownreports based on specific needs.

The integrated user interface 158 can include an option to show a“virtual view” of the system that graphically depicts the variouscomponents in the system using appropriate icons. As one example, theuser interface 158 may provide a graphical depiction of one or moreprimary storage devices 104, the secondary storage devices 108, dataagents 142 and/or media agents 144, and their relationship to oneanother in the information management system 100. The operationsmanagement functionality can facilitate planning and decision-making.For example, in some embodiments, a user may view the status of some orall jobs as well as the status of each component of the informationmanagement system 100. Users may then plan and make decisions based onthis data. For instance, a user may view high-level informationregarding storage operations for the information management system 100,such as job status, component status, resource status (e.g.,communication pathways, etc.), and other information. The user may alsodrill down or use other means to obtain more detailed informationregarding a particular component, job, or the like. Further examples ofsome reporting techniques and associated interfaces providing anintegrated view of an information management system are provided in U.S.Pat. No. 7,343,453, which is incorporated by reference herein.

The information management system 100 can also be configured to performsystem-wide e-discovery operations in some embodiments. In general,e-discovery operations provide a unified collection and searchcapability for data in the system, such as data stored in the secondarystorage devices 108 (e.g., backups, archives, or other secondary copies116). For example, the information management system 100 may constructand maintain a virtual repository for data stored in the informationmanagement system 100 that is integrated across source applications 110,different storage device types, etc. According to some embodiments,e-discovery utilizes other techniques described herein, such as dataclassification and/or content indexing.

Information Management Policies

As indicated previously, an information management policy 148 caninclude a data structure or other information source that specifies aset of parameters (e.g., criteria and rules) associated with secondarycopy and/or other information management operations.

One type of information management policy 148 is a storage policy.According to certain embodiments, a storage policy generally comprises adata structure or other information source that defines (or includesinformation sufficient to determine) a set of preferences or othercriteria for performing information management operations. Storagepolicies can include one or more of the following items: (1) what datawill be associated with the storage policy; (2) a destination to whichthe data will be stored; (3) datapath information specifying how thedata will be communicated to the destination; (4) the type of storageoperation to be performed; and (5) retention information specifying howlong the data will be retained at the destination (see, e.g., FIG. 1E).

As an illustrative example, data associated with a storage policy can belogically organized into groups. In some cases, these logical groupingscan be referred to as “sub-clients”. A sub-client may represent staticor dynamic associations of portions of a data volume. Sub-clients mayrepresent mutually exclusive portions. Thus, in certain embodiments, aportion of data may be given a label and the association is stored as astatic entity in an index, database or other storage location.Sub-clients may also be used as an effective administrative scheme oforganizing data according to data type, department within theenterprise, storage preferences, or the like. Depending on theconfiguration, sub-clients can correspond to files, folders, virtualmachines, databases, etc. In one exemplary scenario, an administratormay find it preferable to separate e-mail data from financial data usingtwo different sub-clients.

A storage policy can define where data is stored by specifying a targetor destination storage device (or group of storage devices). Forinstance, where the secondary storage device 108 includes a group ofdisk libraries, the storage policy may specify a particular disk libraryfor storing the sub-clients associated with the policy. As anotherexample, where the secondary storage devices 108 include one or moretape libraries, the storage policy may specify a particular tape libraryfor storing the sub-clients associated with the storage policy, and mayalso specify a drive pool and a tape pool defining a group of tapedrives and a group of tapes, respectively, for use in storing thesub-client data. While information in the storage policy can bestatically assigned in some cases, some or all of the information in thestorage policy can also be dynamically determined based on criteria,which can be set forth in the storage policy. For instance, based onsuch criteria, a particular destination storage device(s) (or otherparameter of the storage policy) may be determined based oncharacteristics associated with the data involved in a particularstorage operation, device availability (e.g., availability of asecondary storage device 108 or a media agent 144), network status andconditions (e.g., identified bottlenecks), user credentials, and thelike).

Datapath information can also be included in the storage policy. Forinstance, the storage policy may specify network pathways and componentsto utilize when moving the data to the destination storage device(s). Insome embodiments, the storage policy specifies one or more media agents144 for conveying data associated with the storage policy between thesource (e.g., one or more host client computing devices 102) anddestination (e.g., a particular target secondary storage device 108).

A storage policy can also specify the type(s) of operations associatedwith the storage policy, such as a backup, archive, snapshot, auxiliarycopy, or the like. Retention information can specify how long the datawill be kept, depending on organizational needs (e.g., a number of days,months, years, etc.)

Another type of information management policy 148 is a schedulingpolicy, which specifies when and how often to perform operations.Scheduling parameters may specify with what frequency (e.g., hourly,weekly, daily, event-based, etc.) or under what triggering conditionssecondary copy or other information management operations will takeplace. Scheduling policies in some cases are associated with particularcomponents, such as particular logical groupings of data associated witha storage policy (e.g., a sub-client), client computing device 102, andthe like. In one configuration, a separate scheduling policy ismaintained for particular logical groupings of data on a clientcomputing device 102. The scheduling policy specifies that those logicalgroupings are to be moved to secondary storage devices 108 every houraccording to storage policies associated with the respectivesub-clients.

When adding a new client computing device 102, administrators canmanually configure information management policies 148 and/or othersettings, e.g., via the user interface 158. However, this can be aninvolved process resulting in delays, and it may be desirable to begindata protection operations quickly, without awaiting human intervention.Thus, in some embodiments, the information management system 100automatically applies a default configuration to client computing device102. As one example, when one or more data agent(s) 142 are installed onone or more client computing devices 102, the installation script mayregister the client computing device 102 with the storage manager 140,which in turn applies the default configuration to the new clientcomputing device 102. In this manner, data protection operations canbegin substantially immediately. The default configuration can include adefault storage policy, for example, and can specify any appropriateinformation sufficient to begin data protection operations. This caninclude a type of data protection operation, scheduling information, atarget secondary storage device 108, data path information (e.g., aparticular media agent 144), and the like.

Other types of information management policies 148 are possible,including one or more audit (or security) policies. An audit policy is aset of preferences, rules and/or criteria that protect sensitive data inthe information management system 100. For example, an audit policy maydefine “sensitive objects” as files or objects that contain particularkeywords (e.g., “confidential,” or “privileged”) and/or are associatedwith particular keywords (e.g., in metadata) or particular flags (e.g.,in metadata identifying a document or email as personal, confidential,etc.). An audit policy may further specify rules for handling sensitiveobjects. As an example, an audit policy may require that a reviewerapprove the transfer of any sensitive objects to a cloud storage site,and that if approval is denied for a particular sensitive object, thesensitive object should be transferred to a local primary storage device104 instead. To facilitate this approval, the audit policy may furtherspecify how a secondary storage computing device 106 or other systemcomponent should notify a reviewer that a sensitive object is slated fortransfer.

Another type of information management policy 148 is a provisioningpolicy. A provisioning policy can include a set of preferences,priorities, rules, and/or criteria that specify how client computingdevices 102 (or groups thereof) may utilize system resources, such asavailable storage on cloud storage and/or network bandwidth. Aprovisioning policy specifies, for example, data quotas for particularclient computing devices 102 (e.g., a number of gigabytes that can bestored monthly, quarterly or annually). The storage manager 140 or othercomponents may enforce the provisioning policy. For instance, the mediaagents 144 may enforce the policy when transferring data to secondarystorage devices 108. If a client computing device 102 exceeds a quota, abudget for the client computing device 102 (or associated department) isadjusted accordingly or an alert may trigger.

While the above types of information management policies 148 have beendescribed as separate policies, one or more of these can be generallycombined into a single information management policy 148. For instance,a storage policy may also include or otherwise be associated with one ormore scheduling, audit, or provisioning policies or operationalparameters thereof. Moreover, while storage policies are typicallyassociated with moving and storing data, other policies may beassociated with other types of information management operations. Thefollowing is a non-exhaustive list of items the information managementpolicies 148 may specify:

-   -   schedules or other timing information, e.g., specifying when        and/or how often to perform information management operations;    -   the type of copy 116 (e.g., type of secondary copy) and/or copy        format (e.g., snapshot, backup, archive, HSM, etc.);    -   a location or a class or quality of storage for storing        secondary copies 116 (e.g., one or more particular secondary        storage devices 108);    -   preferences regarding whether and how to encrypt, compress,        deduplicate, or otherwise modify or transform secondary copies        116;    -   which system components and/or network pathways (e.g., preferred        media agents 144) should be used to perform secondary storage        operations;    -   resource allocation among different computing devices or other        system components used in performing information management        operations (e.g., bandwidth allocation, available storage        capacity, etc.);    -   whether and how to synchronize or otherwise distribute files or        other data objects across multiple computing devices or hosted        services; and    -   retention information specifying the length of time primary data        112 and/or secondary copies 116 should be retained, e.g., in a        particular class or tier of storage devices, or within the        information management system 100.

Policies can additionally specify or depend on a variety of historicalor current criteria that may be used to determine which rules to applyto a particular data object, system component, or information managementoperation, such as:

-   -   frequency with which primary data 112 or a secondary copy 116 of        a data object or metadata has been or is predicted to be used,        accessed, or modified;    -   time-related factors (e.g., aging information such as time since        the creation or modification of a data object);    -   deduplication information (e.g., hashes, data blocks,        deduplication block size, deduplication efficiency or other        metrics);    -   an estimated or historic usage or cost associated with different        components (e.g., with secondary storage devices 108);    -   the identity of users, applications 110, client computing        devices 102 and/or other computing devices that created,        accessed, modified, or otherwise utilized primary data 112 or        secondary copies 116;    -   a relative sensitivity (e.g., confidentiality, importance) of a        data object, e.g., as determined by its content and/or metadata;    -   the current or historical storage capacity of various storage        devices;    -   the current or historical network capacity of network pathways        connecting various components within the storage operation cell;    -   access control lists or other security information; and    -   the content of a particular data object (e.g., its textual        content) or of metadata associated with the data object.

Exemplary Storage Policy and Secondary Storage Operations

FIG. 1E includes a data flow diagram depicting performance of storageoperations by an embodiment of an information management system 100,according to an exemplary storage policy 148A. The informationmanagement system 100 includes a storage manger 140, a client computingdevice 102 having a file system data agent 142A and an email data agent142B operating thereon, a primary storage device 104, two media agents144A, 144B, and two secondary storage devices 108A, 108B: a disk library108A and a tape library 108B. As shown, the primary storage device 104includes primary data 112A, which is associated with a logical groupingof data associated with a file system, and primary data 112B, which isassociated with a logical grouping of data associated with email.Although for simplicity the logical grouping of data associated with thefile system is referred to as a file system sub-client, and the logicalgrouping of data associated with the email is referred to as an emailsub-client, the techniques described with respect to FIG. 1E can beutilized in conjunction with data that is organized in a variety ofother manners.

As indicated by the dashed box, the second media agent 144B and the tapelibrary 108B are “off-site”, and may therefore be remotely located fromthe other components in the information management system 100 (e.g., ina different city, office building, etc.). Indeed, “off-site” may referto a magnetic tape located in storage, which must be manually retrievedand loaded into a tape drive to be read. In this manner, informationstored on the tape library 108B may provide protection in the event of adisaster or other failure.

The file system sub-client and its associated primary data 112A incertain embodiments generally comprise information generated by the filesystem and/or operating system of the client computing device 102, andcan include, for example, file system data (e.g., regular files, filetables, mount points, etc.), operating system data (e.g., registries,event logs, etc.), and the like. The e-mail sub-client, on the otherhand, and its associated primary data 112B, include data generated by ane-mail application operating on the client computing device 102, and caninclude mailbox information, folder information, emails, attachments,associated database information, and the like. As described above, thesub-clients can be logical containers, and the data included in thecorresponding primary data 112A, 112B may or may not be storedcontiguously.

The exemplary storage policy 148A includes backup copy preferences (orrule set) 160, disaster recovery copy preferences rule set 162, andcompliance copy preferences or rule set 164. The backup copy rule set160 specifies that it is associated with a file system sub-client 166and an email sub-client 168. Each of these sub-clients 166, 168 areassociated with the particular client computing device 102. The backupcopy rule set 160 further specifies that the backup operation will bewritten to the disk library 108A, and designates a particular mediaagent 144A to convey the data to the disk library 108A. Finally, thebackup copy rule set 160 specifies that backup copies created accordingto the rule set 160 are scheduled to be generated on an hourly basis andto be retained for 30 days. In some other embodiments, schedulinginformation is not included in the storage policy 148A, and is insteadspecified by a separate scheduling policy.

The disaster recovery copy rule set 162 is associated with the same twosub-clients 166, 168. However, the disaster recovery copy rule set 162is associated with the tape library 108B, unlike the backup copy ruleset 160. Moreover, the disaster recovery copy rule set 162 specifiesthat a different media agent, namely 144B, will be used to convey thedata to the tape library 108B. As indicated, disaster recovery copiescreated according to the rule set 162 will be retained for 60 days, andwill be generated on a daily basis. Disaster recovery copies generatedaccording to the disaster recovery copy rule set 162 can provideprotection in the event of a disaster or other catastrophic data lossthat would affect the backup copy 116A maintained on the disk library108A.

The compliance copy rule set 164 is only associated with the emailsub-client 168, and not the file system sub-client 166. Compliancecopies generated according to the compliance copy rule set 164 willtherefore not include primary data 112A from the file system sub-client166. For instance, the organization may be under an obligation to storeand maintain copies of email data for a particular period of time (e.g.,10 years) to comply with state or federal regulations, while similarregulations do not apply to the file system data. The compliance copyrule set 164 is associated with the same tape library 108B and mediaagent 144B as the disaster recovery copy rule set 162, although adifferent storage device or media agent could be used in otherembodiments. Finally, the compliance copy rule set 164 specifies thatcopies generated under the compliance copy rule set 164 will be retainedfor 10 years, and will be generated on a quarterly basis.

At step 1, the storage manager 140 initiates a backup operationaccording to the backup copy rule set 160. For instance, a schedulingservice running on the storage manager 140 accesses schedulinginformation from the backup copy rule set 160 or a separate schedulingpolicy associated with the client computing device 102, and initiates abackup copy operation on an hourly basis. Thus, at the scheduled timeslot the storage manager 140 sends instructions to the client computingdevice 102 (i.e., to both data agent 142A and data agent 142B) to beginthe backup operation.

At step 2, the file system data agent 142A and the email data agent 142Boperating on the client computing device 102 respond to the instructionsreceived from the storage manager 140 by accessing and processing theprimary data 112A, 112B involved in the copy operation, which can befound in primary storage device 104. Because the operation is a backupcopy operation, the data agent(s) 142A, 142B may format the data into abackup format or otherwise process the data.

At step 3, the client computing device 102 communicates the retrieved,processed data to the first media agent 144A, as directed by the storagemanager 140, according to the backup copy rule set 160. In some otherembodiments, the information management system 100 may implement aload-balancing, availability-based, or other appropriate algorithm toselect from the available set of media agents 144A, 144B. Regardless ofthe manner the media agent 144A is selected, the storage manager 140 mayfurther keep a record in the storage manager database 146 of theassociation between the selected media agent 144A and the clientcomputing device 102 and/or between the selected media agent 144A andthe backup copy 116A.

The target media agent 144A receives the data from the client computingdevice 102, and at step 4 conveys the data to the disk library 108A tocreate the backup copy 116A, again at the direction of the storagemanager 140 and according to the backup copy rule set 160. The secondarystorage device 108A can be selected in other ways. For instance, themedia agent 144A may have a dedicated association with a particularsecondary storage device(s), or the storage manager 140 or media agent144A may select from a plurality of secondary storage devices, e.g.,according to availability, using one of the techniques described in U.S.Pat. No. 7,246,207, which is incorporated by reference herein.

The media agent 144A can also update its index 153 to include dataand/or metadata related to the backup copy 116A, such as informationindicating where the backup copy 116A resides on the disk library 108A,data and metadata for cache retrieval, etc. The storage manager 140 maysimilarly update its index 150 to include information relating to thestorage operation, such as information relating to the type of storageoperation, a physical location associated with one or more copiescreated by the storage operation, the time the storage operation wasperformed, status information relating to the storage operation, thecomponents involved in the storage operation, and the like. In somecases, the storage manager 140 may update its index 150 to include someor all of the information stored in the index 153 of the media agent144A. After the 30 day retention period expires, the storage manager 140instructs the media agent 144A to delete the backup copy 116A from thedisk library 108A. Indexes 150 and/or 153 are updated accordingly.

At step 5, the storage manager 140 initiates the creation of a disasterrecovery copy 116B according to the disaster recovery copy rule set 162.

At step 6, illustratively based on the instructions received from thestorage manager 140 at step 5, the specified media agent 144B retrievesthe most recent backup copy 116A from the disk library 108A.

At step 7, again at the direction of the storage manager 140 and asspecified in the disaster recovery copy rule set 162, the media agent144B uses the retrieved data to create a disaster recovery copy 116B onthe tape library 108B. In some cases, the disaster recovery copy 116B isa direct, mirror copy of the backup copy 116A, and remains in the backupformat. In other embodiments, the disaster recovery copy 116B may begenerated in some other manner, such as by using the primary data 112A,112B from the primary storage device 104 as source data. The disasterrecovery copy operation is initiated once a day and the disasterrecovery copies 116B are deleted after 60 days; indexes are updatedaccordingly when/after each information management operation isexecuted/completed.

At step 8, the storage manager 140 initiates the creation of acompliance copy 116C, according to the compliance copy rule set 164. Forinstance, the storage manager 140 instructs the media agent 144B tocreate the compliance copy 116C on the tape library 108B at step 9, asspecified in the compliance copy rule set 164. In the example, thecompliance copy 116C is generated using the disaster recovery copy 116B.In other embodiments, the compliance copy 116C is instead generatedusing either the primary data 112B corresponding to the email sub-clientor using the backup copy 116A from the disk library 108A as source data.As specified, in the illustrated example, compliance copies 116C arecreated quarterly, and are deleted after ten years, and indexes are keptup-to-date accordingly.

While not shown in FIG. 1E, at some later point in time, a restoreoperation can be initiated involving one or more of the secondary copies116A, 116B, 116C. As one example, a user may manually initiate a restoreof the backup copy 116A by interacting with the user interface 158 ofthe storage manager 140. The storage manager 140 then accesses data inits index 150 (and/or the respective storage policy 148A) associatedwith the selected backup copy 116A to identify the appropriate mediaagent 144A and/or secondary storage device 108A.

In other cases, a media agent may be selected for use in the restoreoperation based on a load balancing algorithm, an availability basedalgorithm, or other criteria. The selected media agent 144A retrievesthe data from the disk library 108A. For instance, the media agent 144Amay access its index 153 to identify a location of the backup copy 116Aon the disk library 108A, or may access location information residing onthe disk 108A itself.

When the backup copy 116A was recently created or accessed, the mediaagent 144A accesses a cached version of the backup copy 116A residing inthe index 153, without having to access the disk library 108A for someor all of the data. Once it has retrieved the backup copy 116A, themedia agent 144A communicates the data to the source client computingdevice 102. Upon receipt, the file system data agent 142A and the emaildata agent 142B may unpackage (e.g., restore from a backup format to thenative application format) the data in the backup copy 116A and restorethe unpackaged data to the primary storage device 104.

Exemplary Applications of Storage Policies

The storage manager 140 may permit a user to specify aspects of thestorage policy 148A. For example, the storage policy can be modified toinclude information governance policies to define how data should bemanaged in order to comply with a certain regulation or businessobjective. The various policies may be stored, for example, in themanagement database 146. An information governance policy may comprise aclassification policy, which is described herein. An informationgovernance policy may align with one or more compliance tasks that areimposed by regulations or business requirements. Examples of informationgovernance policies might include a Sarbanes-Oxley policy, a HIPAApolicy, an electronic discovery (E-Discovery) policy, and so on.

Information governance policies allow administrators to obtain differentperspectives on all of an organization's online and offline data,without the need for a dedicated data silo created solely for eachdifferent viewpoint. As described previously, the data storage systemsherein build a centralized index that reflects the contents of adistributed data set that spans numerous clients and storage devices,including both primary and secondary copies, and online and offlinecopies. An organization may apply multiple information governancepolicies in a top-down manner over that unified data set and indexingschema in order to permit an organization to view and manipulate thesingle data set through different lenses, each of which is adapted to aparticular compliance or business goal. Thus, for example, by applyingan E-discovery policy and a Sarbanes-Oxley policy, two different groupsof users in an organization can conduct two very different analyses ofthe same underlying physical set of data copies, which may bedistributed throughout the organization and information managementsystem.

A classification policy defines a taxonomy of classification terms ortags relevant to a compliance task and/or business objective. Aclassification policy may also associate a defined tag with aclassification rule. A classification rule defines a particularcombination of criteria, such as users who have created, accessed ormodified a document or data object; file or application types; contentor metadata keywords; clients or storage locations; dates of datacreation and/or access; review status or other status within a workflow(e.g., reviewed or un-reviewed); modification times or types ofmodifications; and/or any other data attributes in any combination,without limitation. A classification rule may also be defined usingother classification tags in the taxonomy. The various criteria used todefine a classification rule may be combined in any suitable fashion,for example, via Boolean operators, to define a complex classificationrule. As an example, an E-discovery classification policy might define aclassification tag “privileged” that is associated with documents ordata objects that (1) were created or modified by legal departmentstaff, or (2) were sent to or received from outside counsel via email,or (3) contain one of the following keywords: “privileged” or “attorney”or “counsel”, or other like terms.

One specific type of classification tag, which may be added to an indexat the time of indexing, is an entity tag. An entity tag may be, forexample, any content that matches a defined data mask format. Examplesof entity tags might include, e.g., social security numbers (e.g., anynumerical content matching the formatting mask XXX-XX-XXXX), credit cardnumbers (e.g., content having a 13-16 digit string of numbers), SKUnumbers, product numbers, etc.

A user may define a classification policy by indicating criteria,parameters or descriptors of the policy via a graphical user interface,such as a form or page with fields to be filled in, pull-down menus orentries allowing one or more of several options to be selected, buttons,sliders, hypertext links or other known user interface tools forreceiving user input, etc. For example, a user may define certain entitytags, such as a particular product number or project ID code that isrelevant in the organization. In some implementations, theclassification policy can be implemented using cloud-based techniques.For example, the storage devices may be cloud storage devices, and thestorage manager 140 may execute cloud service provider API over anetwork to classify data stored on cloud storage devices.

Exemplary Secondary Copy Formatting

The formatting and structure of secondary copies 116 can vary, dependingon the embodiment. In some cases, secondary copies 116 are formatted asa series of logical data units or “chunks” (e.g., 512MB, 1GB, 2GB, 4GB,or 8GB chunks). This can facilitate efficient communication and writingto secondary storage devices 108, e.g., according to resourceavailability. For example, a single secondary copy 116 may be written ona chunk-by-chunk basis to a single secondary storage device 108 oracross multiple secondary storage devices 108. In some cases, users canselect different chunk sizes, e.g., to improve throughput to tapestorage devices.

Generally, each chunk can include a header and a payload. The payloadcan include files (or other data units) or subsets thereof included inthe chunk, whereas the chunk header generally includes metadata relatingto the chunk, some or all of which may be derived from the payload. Forexample, during a secondary copy operation, the media agent 144, storagemanager 140, or other component may divide the associated files intochunks and generate headers for each chunk by processing the constituentfiles. The headers can include a variety of information such as fileidentifier(s), volume(s), offset(s), or other information associatedwith the payload data items, a chunk sequence number, etc. Importantly,in addition to being stored with the secondary copy 116 on the secondarystorage device 108, the chunk headers can also be stored to the index153 of the associated media agent(s) 144 and/or the index 150. This isuseful in some cases for providing faster processing of secondary copies116 during restores or other operations. In some cases, once a chunk issuccessfully transferred to a secondary storage device 108, thesecondary storage device 108 returns an indication of receipt, e.g., tothe media agent 144 and/or storage manager 140, which may update theirrespective indexes 153, 150 accordingly. During restore, chunks may beprocessed (e.g., by the media agent 144) according to the information inthe chunk header to reassemble the files.

Data can also be communicated within the information management system100 in data channels that connect the client computing devices 102 tothe secondary storage devices 108. These data channels can be referredto as “data streams”, and multiple data streams can be employed toparallelize an information management operation, improving data transferrate, among providing other advantages. Example data formattingtechniques including techniques involving data streaming, chunking, andthe use of other data structures in creating copies (e.g., secondarycopies) are described in U.S. Pat. Nos. 7,315,923 and 8,156,086, and8,578,120, each of which is incorporated by reference herein.

FIGS. 1F and 1G are diagrams of example data streams 170and 171,respectively, which may be employed for performing data storageoperations. Referring to FIG. 1F, the data agent 142 forms the datastream 170from the data associated with a client computing device 102(e.g., primary data 112). The data stream 170is composed of multiplepairs of stream header 172 and stream data (or stream payload) 174. Thedata streams 170 and 171 shown in the illustrated example are for asingle-instanced storage operation, and a stream payload 174 thereforemay include both single-instance (“SI”) data and/or non-SI data. Astream header 172 includes metadata about the stream payload 174. Thismetadata may include, for example, a length of the stream payload 174,an indication of whether the stream payload 174 is encrypted, anindication of whether the stream payload 174 is compressed, an archivefile identifier (ID), an indication of whether the stream payload 174 issingle instanceable, and an indication of whether the stream payload 174is a start of a block of data.

Referring to FIG. 1G, the data stream 171 has the stream header 172 andstream payload 174 aligned into multiple data blocks. In this example,the data blocks are of size 64KB. The first two stream header 172 andstream payload 174 pairs comprise a first data block of size 64KB. Thefirst stream header 172 indicates that the length of the succeedingstream payload 174 is 63KB and that it is the start of a data block. Thenext stream header 172 indicates that the succeeding stream payload 174has a length of 1KB and that it is not the start of a new data block.Immediately following stream payload 174 is a pair comprising anidentifier header 176 and identifier data 178. The identifier header 176includes an indication that the succeeding identifier data 178 includesthe identifier for the immediately previous data block. The identifierdata 178 includes the identifier that the data agent 142 generated forthe data block. The data stream 171 also includes other stream header172 and stream payload 174 pairs, which may be for SI data and/or fornon-SI data.

FIG. 1H is a diagram illustrating the data structures 180 that may beused to store blocks of SI data and non-SI data on the storage device(e.g., secondary storage device 108). According to certain embodiments,the data structures 180 do not form part of a native file system of thestorage device. The data structures 180 include one or more volumefolders 182, one or more chunk folders 184/185 within the volume folder182, and multiple files within the chunk folder 184. Each chunk folder184/185 includes a metadata file 186/187, a metadata index file 188/189,one or more container files 190/191/193, and a container index file192/194. The metadata file 186/187 stores non-SI data blocks as well aslinks to SI data blocks stored in container files. The metadata indexfile 188/189 stores an index to the data in the metadata file 186/187.The container files 190/191/193 store SI data blocks. The containerindex file 192/194 stores an index to the container files 190/191/193.Among other things, the container index file 192/194 stores anindication of whether a corresponding block in a container file190/191/193 is referred to by a link in a metadata file 186/187. Forexample, data block B2 in the container file 190 is referred to by alink in the metadata file 187 in the chunk folder 185. Accordingly, thecorresponding index entry in the container index file 192 indicates thatthe data block B2 in the container file 190 is referred to. As anotherexample, data block B1 in the container file 191 is referred to by alink in the metadata file 187, and so the corresponding index entry inthe container index file 192 indicates that this data block is referredto.

As an example, the data structures 180 illustrated in FIG. 1H may havebeen created as a result of two storage operations involving two clientcomputing devices 102. For example, a first storage operation on a firstclient computing device 102 could result in the creation of the firstchunk folder 184, and a second storage operation on a second clientcomputing device 102 could result in the creation of the second chunkfolder 185. The container files 190/191 in the first chunk folder 184would contain the blocks of SI data of the first client computing device102. If the two client computing devices 102 have substantially similardata, the second storage operation on the data of the second clientcomputing device 102 would result in the media agent 144 storingprimarily links to the data blocks of the first client computing device102 that are already stored in the container files 190/191. Accordingly,while a first storage operation may result in storing nearly all of thedata subject to the storage operation, subsequent storage operationsinvolving similar data may result in substantial data storage spacesavings, because links to already stored data blocks can be storedinstead of additional instances of data blocks.

If the operating system of the secondary storage computing device 106 onwhich the media agent 144 operates supports sparse files, then when themedia agent 144 creates container files 190/191/193, it can create themas sparse files. A sparse file is type of file that may include emptyspace (e.g., a sparse file may have real data within it, such as at thebeginning of the file and/or at the end of the file, but may also haveempty space in it that is not storing actual data, such as a contiguousrange of bytes all having a value of zero). Having the container files190/191/193 be sparse files allows the media agent 144 to free up spacein the container files 190/191/193 when blocks of data in the containerfiles 190/191/193 no longer need to be stored on the storage devices. Insome examples, the media agent 144 creates a new container file190/191/193 when a container file 190/191/193 either includes 100 blocksof data or when the size of the container file 190 exceeds 50 MB. Inother examples, the media agent 144 creates a new container file190/191/193 when a container file 190/191/193 satisfies other criteria(e.g., it contains from approximately 100 to approximately 1000 blocksor when its size exceeds approximately 50 MB to 1GB).

In some cases, a file on which a storage operation is performed maycomprise a large number of data blocks. For example, a 100MB file maycomprise 400 data blocks of size 256KB. If such a file is to be stored,its data blocks may span more than one container file, or even more thanone chunk folder. As another example, a database file of 20GB maycomprise over 40,000 data blocks of size 512KB. If such a database fileis to be stored, its data blocks will likely span multiple containerfiles, multiple chunk folders, and potentially multiple volume folders.Restoring such files may require accessing multiple container files,chunk folders, and/or volume folders to obtain the requisite datablocks.

Value Calculation Systems

Many organizations are hampered by problems associated with dataprotection, application recovery, and data management. Users from smallbusinesses to large enterprises are grappling with data growth,struggling to make data accessible, and fighting to reduce risk, cost,and the complexity of their IT operations. The disclosed system teachesa user how it may reduce complexity and improve efficiency byimplementing an integrated data management and protection solution, suchas the information management system described above. Indeed, the systemidentifies the value received by the user in a data protection and datamanagement solution that integrates multiple data protection and datamanagement functions. The integrated system can combine archiving,backup, snapshot management, reporting, secure data access, eDiscoveryand data analytics, among other functions, thus simplifying dataprotection and data management for an organization.

Traditional total cost of ownership or return on investment (TCO/ROI)analyses tend to focus on hardware and software infrastructure costs,and labor or administrative effects. The disclosed system expands theconversation to discuss other value received by a user, identifiedacross three categories that are more broad than finances in both scopeand impact. These categories are simplification and efficiency, riskreduction, and unlocking data value.

The disclosed system identifies value in an integrated data managementand protection solution, like the information management systemdescribed above, by analyzing information associated with a user's datamanagement and protection needs. The system identifies efficiencies forthe user that would result from implementing an integrated system,identifying value in reducing complexity and infrastructure costs,improving data protection and recovery performance, and boosting IToperational efficiencies. The system also identifies value in riskreduced as a result of reducing operational complexity, improvingrecovery efficiency, and minimizing relative exposure to legal issues,compliance failures, downtime, and data loss. Moreover, an integratedsystem can make data easily searchable and accessible. The system canhelp illustrate the value that data managed by an integrated system cancreate for a business, for example, by improving employee productivity,enhancing organizational decision-making, and enabling IT to devoteresources to more strategic activities.

To convey identified value, the system generates a value dashboard,exhibiting data and graphics portraying the benefits to a user ofutilizing an integrated data management and protection system. The valuedashboard is created using information related to a user's datamanagement and protection needs. This includes data describing theuser's current data management and protection system, informationdescribing the user's business or its industry, input from a user to aquestionnaire, and the like. The system applies value functions to thereceived information, resulting in value data, which is presented to theuser in the value dashboard.

FIG. 2 is a block diagram of various modules of a suitable system 200for identifying value in data management and protection systems andconveying that value to a user. The system 200 generates a valuedashboard, which displays value that would be or is received by acustomer or user implementing an integrated data management andprotection system. The system 200 includes a value computation module210 and a user interface module 220. The system receives user input andoutputs an input interface and a value dashboard. The system 200accesses and stores data in value functions data storage 270, solutionsdata storage 275, and interface data storage 280.

The system can receive user input in a variety of ways. User input canbe solicited and received via a webpage or an application. The systemcan generate and output a graphical input interface that is displayed toa user for entering data. An input interface can include a questionnairefor soliciting feedback from the user and/or fields for receiving auser's submission of information related to a user's data management andprotection needs, including data about a current system used by theuser, information about the user's business, information about theindustry that the user belongs to, information describing datamanagement and protection needs of similarly situated users, and thelike. FIGS. 4A-4J show example input interfaces. In someimplementations, the system receives a file that contains user input. Insome implementations, the system generates vignettes or displays, whichare included as part of a value story. These displays tell a value storybut also receives input from a user. A user can interact with suchdisplays by adjusting slider buttons, submitting information into anentry field, or the like. An example of such displays is discussed withreference to FIGS. 6A through 9E.

The system generates a value dashboard, which displays value that a userwould receive by adopting an integrated data management and protectionsystem. FIGS. 5A and 5B show representative value dashboards. Value isdisplayed through statistics, lists of features, graphs, and so forth.Value is represented with regard to value categories, includingsimplification, risk reduction, and data value. Value thus extends wellbeyond just the monetary cost to a user, and thus the present system isable to provide a richer definition of “value” to a user. As discussedbelow, the system can display a value story on a dashboard.

The value computation module 210 identifies value in an integrated datamanagement and protection system for a user. The value computationmodule 210 accesses value functions in value functions data storage 270,and applies the value functions to user input, resulting in value data,as described below. Value functions include rules and algorithms foridentifying or quantifying value. For example, a value function mayinclude an equation that when applied to user input, results in a timeefficiency realized by implementing an integrated system (often shown inthe Figures as compared to a system provided by Commvault, Inc.). Insome implementations, a value function is used to compute a data andinformation risk exposure score. A value function can be determinedbased on empirically collected data. For example, a value function canbe formed by creating an equation that meets data observed from otherusers implementing an integrated data management and protection system.Value functions can also generate value data for alternative datamanagement and protection systems. For example, the value computationmodule 210 can apply value metrics to information about a user'sexisting data management and protection system.

Some value functions leverage user data to generate formulas that cantake an input, such as amount of data in a user's environment, andestimate annual administrative hours saved or annual full time employeehires avoided. The estimated hours saved and hires avoided valudes maybe developed empirically from analyzing existing data.

Other formulas are more complex. For example, a Data and InformationRisk Exposure Index (DIRE Index, described herein) weights and scoresmultiple different factors and aggregates the scores on a single10-point scale, and compares the DIRE Index scores of current orcompetitive capabilities to the capabilities of an integrated system.The DIRE Index can aggregate operational complexity, recovery efficiencyand data protection efficiency, as well as relative exposure to legalissues, compliance failures, downtime or data loss. The system can scorethese elements of risk and then combine them on a color-coded 10-pointscale to give users a quick idea of risk exposure.

In some implementations, the value computation module 210 identifiesvalue in an integrated system for a user based solely on user input.However, sometimes a person, with little user information, wishes toview or depict value associated with the user implementing an integratedsystem. For example, a person knowing little about an organization maywish to develop a value story showing value received from an integratedsystem for presenting to the organization. The value computation module210 can identify in solutions data storage 275 information associatedwith a data management and protection system implemented by anotheruser. The value computation module may receive a user's selection of anexisting system, or the value computation module may identify a solutionor information about a previous user based at least in part on availableinput from the user. The value computation module 210 can generate valuedata based at least in part on this retrieved information.

The user interface module 220 generates input interfaces and valuedashboards, which are output to the user. The user interface moduleformats input interfaces and value dashboards based on interface dataaccessed in interface data storage 280. In some implementations, theuser interface module 220 correlates value functions with entry fieldsof an input interface, enabling the value computation module to easilyidentify appropriate value functions.

The system 200 identifies value with respect to at least three valuecategories: simplification, risk reduction, and unlocking data value.Simplification includes value associated with IT efficiencies (e.g.,reducing a number of products across an IT environment), operationefficiencies (e.g., reducing operational time), storage efficiencies(e.g., reducing amount of data that is transmitted over the network andstored across storage silos), and administrative efficiencies (e.g.,reduction in manual administrative hours and number of full timeemployees needing to be hired). Risk reduction includes value associatedwith complexity downtime and expected risk, data protection (e.g.,reliability of data protection operations and operation time), recovery(e.g., a number of recovery point objections, and a reduction in restoretime for critical applications), operations (e.g., encryption coverage,reporting coverage, chance of fail compliance, or audit), and operations(encryption coverage, reporting coverage, chance of fail compliance, oraudit). Furthermore, the system can calculate a data and informationrisk exposure score by aggregating the risk reduction category andsubcategories, which are weighted and scaled to 10-points.

EXAMPLE PROCESSES

FIG. 3 is a flow diagram of a process 300 implemented by the valuecalculation system 200 for identifying value in an integrated datamanagement and protection system and automatically conveying this value.In some implementations, the system generates vignettes or displays,which include value discussions for presentation.

At a block 305, the system maintains value functions for determiningvalue associated with an integrated data management and protectionsystem. The system may maintain a separate value function for each ofthe three value categories: simplification, risk reduction, andunlocking data value, and may even maintain separate value functions foreach subcategories noted herein for the three categories. The system canalso maintain value functions for determining value associated withalternative data management and protection systems. For example, valuefunctions may identify value in a competitor's data management andprotection system, a generic system, or a system currently beingimplemented by the user. Alternative systems may combine servicesoffered by different providers of data management and protection. Insome implementations, the system compares identified value associatedwith an integrated data management and protection system with identifiedvalue associated with an alternative data management and protectionsystem.

At a block 310, the system generates an input interface. The inputinterface is a graphical user interface that is displayed to a user tosolicit and receive feedback about a user's data management andprotection needs. The input interface includes data entry fields,including drop down menus, text input fields, and the like, throughwhich a user may provide input. The input interface also displaysgraphics that the user can select or otherwise interact with in order toprovide input. In some implementations, a value function is associatedwith one or more data entry fields, and a result of the value functionis computed based on information entered in the one or more data entryfields. FIGS. 4A-J show a representative input interface, which includesmultiple interfaces for soliciting and receiving input from a user.

At a block 315, the system receives user input related to a user's datamanagement and protection. User input is received via the data entryfields of the input interface. User input may describe a current datamanagement and protection system that the user is using. It may describedata management or protection features that the user wishes to use. Userinput also includes a selection by a user of an integrated systememployed by another user, or a selection of a profile of a user that issimilarly situated (e.g., similar size, industry, data management needs,etc.). For example, a person for a provider of data management andprotection system, wishing to present the value associated with herproduct to a medium-sized law firm, may select a user profile of amedium-sized law firm. In some implementations, user input includesinformation about a user's business operations, including a number ofpeople employed by the user, an industry that the user belongs to,information about its business model, and so forth. In someimplementations, rather than receive user input via the input interface,the system receives a data file containing information comparable touser input.

The input interface of FIGS. 4A-J includes data entry fields, includingtext fields, drop down menus, check boxes, and other entry mechanisms.Data entry fields can be prepopulated with values based on a defaultconfiguration or prior user input. A user can traverse the interfaces ofFIG. 4A-J using buttons “Previous” and “Next.” A user can progressthrough the interfaces without submitting information with regard tosome entry fields.

FIG. 4A shows an interface that includes an index, which outlines stepsto be taken by the user for submitting information related to datamanagement and data storage for a user. FIG. 4B shows an interface forreceiving the submission of information related to an account, includinginformation about the user, including contact information, accountinformation, and financial information. FIG. 4B also includes an entryfield of scenario, through which a user can specify a name for savingthe data submitted via the input interface. FIG. 4C shows an interfacefor receiving a submission by a user of objectives for the user.Objectives are organized under the three value categories:simplification, risk reduction, and data value. The interface canreceive as input a numerical score ranking (e.g. within a range of 1-5)a user's top objectives by entry of a number in an entry field adjacentto a listed objective, such as in the entry field by the objective“Archive—Email.” The interface may receive a selection of a checkboxassociated with an objective. FIG. 4D shows an interface for receiving asubmission by a user of functionality that the user wishes from anintegrated data management and protection system. A user may make aselection of a listed functionality by selecting a checkbox associatedtherewith.

FIG. 4E shows an interface for receiving a submission of informationassociated with a data management and protection environment for theuser. A user can submit information related to an alternativeimplementation and an integrated system. FIG. 4F shows an interface forreceiving a submission of information associated with spending for analternative data management and protection system. The user may supplydata related to the annual software, hardware, and services and disasterrecovery costs of using an alternative system. FIG. 4G shows aninterface for receiving a submission of information associated withspending for an integrated data management and protection system. Theuser may supply data related to the annual software, hardware, andservices and disaster recovery costs of using an integrated system.

FIGS. 4H-4J show interfaces for soliciting information related to valuecategories. FIG. 4H shows an interface for receiving information relatedto simplification, including information describing the alternativesystem for the user and information about a configuration for theintegrated system for the user. The system automatically populates someentry fields with computed values as information related to thealternative system is submitted (as shown in the example of FIG. 4H).FIG. 4I shows an interface for receiving information related to riskreduction, including information describing the alternative system andinformation describing the configuration of the integrated system forthe user (as shown in the example of FIG. 4I). The system automaticallypopulates some entry fields. FIG. 4J shows an interface for receivinginformation related to unlocking the value of the value to the user ofunlocking the stored data.

Returning to FIG. 3, after receiving user input, the process 300proceeds to a decision block 320, and the system 200 determines whetheruser input was satisfactory for identifying value in an integratedsystem for the user. In some implementations, the system determines thatuser input was not satisfactory when the user has submitted a value inan entry field that is determined to be submitted in error, such as ifthe value exceeds a predetermined threshold. In some implementations,the system determines that user input was not satisfactory if the userhas not submitted information into a mandatory entry field. In someimplementations, the system determines that user input is satisfactoryif it includes any information. If the system determines that the userinput is not satisfactory, the process proceeds to a block 325, and thesystem generates a request that the user submit further information. Insome implementations, the system displays an input interface forsoliciting needed information. The process then returns to block 310.

If at decision block 320 the system 200 determines that user input issatisfactory, the process proceeds to a block 330, and the systemidentifies value functions to apply to the user input to identify valuein an integrated data management and protection system. In someimplementations, the system identifies a default set of value functionsused to produce a dashboard. In some implementations, the systemaccesses a data structure that correlates received input and valuefunctions, enabling the system to identify value functions that shouldbe applied to received input based on the input that was received. Insome implementations, a value function is associated with one or moreentry fields of an input interface, and are thus identified based ontheir association.

At a block 335, the system applies the identified value functions to theuser input, generating value data. Value data is discussed further belowwith reference to FIGS. 5A and 5B. In some implementations, value dataincludes a data and information risk exposure score (DIRE Index)generated by the system 200. For example, a data and information riskexposure score may be generated by aggregating weighted scoresassociated with operational complexity, recovery efficiency, andrelative exposure to legal issues, compliance failures, downtime or dataloss, and normalizing the score on a 10-point scale. For example,operational complexity may be represented by a ranking on a scale of1-100; recovery efficiency may be represented by a percentage; andrelative exposure to legal issues, compliance failures, downtime or dataloss may be represented by a ranking on a scale of 1-5. The system candetermine values for each of these metrics based on user input andcompute a data and information risk exposure score. For instance, thesystem may insert values for operational complexity, recoveryefficiency, and relative exposure to legal issues, compliance failures,downtime or data loss, in a function for calculating a data andinformation risk score. As a simple example, a function for calculatinga data and information risk score may divide an operational complexityrank by 10, divide a recovery efficiency percentage by 10, and multiplya relative exposure score by 2, and add these values together to arriveat a data and information risk exposure score. A more detailed algorithmis discussed below.

The DIRE Index represents a risk score for an informationbackup/recovery system. It is typically calculated as a comparisonbetween two information backup systems (with one of those two systemsshown in the Figures as the Commvault system). Two risk scores can becompared to determine which system is more or less prone to risk. TheIndex is based on an accumulated score of individual metric scores,where each metric is a measurable attribute of the system's environmentthat represents an element of risk to the data such as the number ofbackups per day or the amount of time it takes to perform a backup.

Multiple, different metrics (e.g. 20 metrics) are measured in differentcategories (e.g. four categories). Each individual metric value is runthrough a function that results in a score between, e.g. the bestpossible score of 0.0 and the worst possible score of 10.0. Each metricscore is multiplied by a normalized weight to produce its weightedscore. All weighted scores are then summed to determine the overallscore for an environment where a risk score of 0.0 is minimum risk and arisk score of 10.0 is maximum risk. The score is the same as the Index.

A normalized weight is determined by dividing the weight by the sum ofall weights where each metric has one weight representing its relativeimportance in determining the overall Index value or score. Using thistechnique to derive the normalized weight allows the actual weightsentered to be any value. The user entering the weights may not becognizant of the value of each weight relative to all otherweights—other than that any range of values for the weights can be used.User data informs the value of each weight relative to all otherweights. For example: IT Complexity and Annual Unplanned Downtime areweighted, under an example algorithm, higher than Incremental BackupTime or Subjective Level of Risk, which means that IT Complexity andAnnual Downtime are more meaningful when assessing data andinformation's risk to a business.

Each metric is normalized to a risk score between 0.0 and 10.0 using asemi-complex straight line curve with three different slopes and fourpoints that define the curve. See example in FIG. 10. The theory behindthe curve is to place additional emphasis or less emphasis on certainmetric values depending on where they fall relative to four metric valuepoints:

-   -   1) The metric value that represents the lowest or best possible        risk score of 0.0.    -   2) The metric value expected with a particular integrated system        and which results in the risk score of 2.0.    -   3) The metric value expected with another system and which        results in the risk score of 7.0.    -   4) The metric value that represents the highest or worst        possible risk score of 10.0.        An example of the curve is shown in FIG. 10 for the metric        Incremental Backup Time (in minutes). In this example, less time        to perform the backup represents less risk and vice versa. The        four metric value points are, e.g. 120 (0.0 risk score), 170        (2.0 risk score), 320 (7.0 risk score), and 500 (10.0 risk        score).

The semi-complex straight line curve resulting from these four pointsrepresents the function used to determine the risk score for any metricvalue between the lowest possible value and the highest possible valuefor each specific metric. A process for implementing such riskcalculation is as follows.

Step 1—Bring the metric value within a valid range. If less than theminimum then set to the minimum. If greater than the maximum then set tothe maximum.

Step 2—Using the line segment from the curve of FIG. 10 on which themetric value falls, use straight line interpolation to determine theresulting risk score. Given a metric value and two end points (high andlow) each consisting of a value/score pair, a risk score is calculatedusing, e.g. the formula:

Score=(HighScore−LowScore)/(HighValue−LowValue)*(Value−LowValue)+LowScore

Note that 1f the metric's best value was greater than the worst valuethen the line would slope downward from left to right.

More complete logic representing this calculation, using pseudocode, isas follows. In this code the term “Best” represents the best possiblevalue resulting in the best possible score of 0.0 and “Worst” representsthe worst possible value resulting in the worst possible score. Thevalues BestValue, CVValue, OtherValue, and WorstValue are passed in asparameters.

 BestScore = 0  CVScore = 2  OtherScore = 7  WorstScore = 10 IfBestValue < WorstValue Then  Value = Minimum of (Maximum of (Value,BestValue), WorstValue)  Else  Value = Minimum of (Maximum of (Value,WorstValue), BestValue) If Value is Between BestValue and CVValueInclusive Then   Score = (CVScore − BestScore) / (CVValue − BestValue) *(Value   − BestValue) + BestScore  If Value is Between CVValue andOtherValue Inclusive Then  Score = (OtherScore − CVScore) / (OtherValue− CVValue) *    (Value − CVValue) + CVScore If Value is BetweenOtherValue and WorstValue Inclusive Then  Score = (WorstScore −OtherScore) / (WorstValue − OtherValue)   * (Value − OtherValue) +OtherScore

With all of the metric risk scores determined, the Index score isdetermined by multiplying each metric risk score by the normalizedweight. Each normalized weight is calculated by dividing the weightentered by the analyst by the sum of all weights entered user. Below areexamples of metrics to be used to determine the Index score. With eachis also listed the weight, the best or least risky value (Best), theexpected new system value (CV), the expected existing system value(Other), and the worst or most risky value (Worst).

Category Metric Weight Best CV Other Worst Complexity, Downtime, ITComplexity 12 2 4 8 24 Subjective Risk Complexity, Downtime, AnnualUnplanned Downtime Hours 10 0 11 25 48 Subjective Risk Complexity,Downtime, Subjective Weighted Level of Risk 2 1 2 4 5 Subjective RiskData Protection Backup Reliability 8 100% 94% 79% 60% Data ProtectionRestore Reliability 8 100% 96% 75% 60% Data Protection Full Backup TimeMinutes 4 120 960 1660 2000 Data Protection Incremental Backup TimeMinutes 2 120 170 320 500 Data Protection Offsite Copy Time Minutes 2120 170 320 500 Recovery Number of Recovery Points per Day 5 12 6 1 1Recovery Exchange Restore Time Minutes 3 10 50 570 700 Recovery OracleRestore Time Minutes 3 50 130 330 400 Recovery SQL Restore Time Minutes3 30 60 250 400 Recovery VM Restore Time Minutes 3 50 85 260 400Recovery RPO (Recovery Point Objective) 4 50 240 690 900 MinutesOperations Chance to Fail Compliance 4  0%  2% 10% 15% Operations Chanceto Fail Audit 4  0%  2% 10% 15% Operations Chance of Theft or Breach 9 0%  2% 10% 15% Operations Protection Coverage 8 100% 98% 85% 40%Operations Encryption Coverage 4 100% 98% 50% 40% Operations ReportingCoverage 2 100% 98% 65% 40%

An example algorithm or formula for generating the Index value or scoremay be:

-   -   1. Receive as input numerous numeric inputs for each of numerous        factors (e.g. ˜20 values)    -   2. Weight each value    -   3. Assign a score for each weighted value based on bounded        values    -   4. Add the scores and normalize to 10-point scale

At block 340, the system generates a value dashboard using the generatedvalue data and Index score. The value dashboard displays value data,including raw data, computed values, charts, and so forth, for conveyingvalue to the user. FIGS. 5A and 5B show a representative value dashboard500. FIG. 5A shows value data related to the financial value category.The dashboard displays financial data comparing an alternative orexisting data management and protection system and an integrated datamanagement and protection system, including return on investment (ROI)time horizon (e.g. 2 years), ROI, payback period, internal rate ofreturn (IRR), net present value (NPV), net benefit. The dashboard alsodisplays a line graph showing cumulative spending for an integratedsystem versus an alternative system; a bar graph showing total spendingrelated to software, hardware, services, and labor; and a bar graphshowing the net benefit of software, hardware, services, and labor costsbetween the integrated system and the alternative system.

FIG. 5B shows value data related to value categories of simplification,risk reduction, and unlocking of data value. The dashboard displays lineand bar graphs to convey value associated with simplification. A firstbar/line graph 510 compares an alternative/existing system and anintegrated system, showing storage efficiencies and terabytes (TB)transferred, including an amount of data (in TB) backed up per week andan amount of protection data (in TB) sent over the network per week. Asecond bar/line graph 520 shows storage efficiencies related to transfertime. Bar graphs are distributed along the x-axis, and relate to fullbackup time, incremental backup time, and offsite copy time. A third bargraph 530 shows storage efficiencies for a two year data footprint.

Value data for risk reduction includes a list of risk elements 540 thata user is exposed to. Value data also includes a data and informationrisk exposure score for the alternate system (score=4.82) and theintegrated system (score=1.73). A table additionally compares thealternative/existing system and the integrated system as percent backupreliability, percent restore reliability, number of hours unplanneddowntime, and number of RPO minutes. A graph and line chart 560 showsprotection efficiencies between the alternative system and theintegrated system for Microsoft Exchange restore time, Oracle databaserestore time, SQL restore time, and virtual machine (VM) restore time.Value data associated with unlocking data value includes a table 570containing data related to savings, gains, and value of having dataavailable to the user. A bar chart 580 shows data value efficienciesbetween an integrated system and an alternative system with reference tofile recovery and message recovery. After the system generates the valuedashboard, the process 300 returns. The system may take elements of thedashboard and insert them into a slide presentation to be presented ordisplayed to a user or prospect.

One way for the system to portray the value of using an integrated datamanagement and protection system is through value stories. A value storymay be produced by an interactive presentation application. The valuestory is comprised of multiple displays, which provide an interface toconvey value to and receive input from a user. Each display of a valuestory may relate to a particular aspect of a user's data management andprotection needs. For example, a first display may request informationassociated with a user's IT department and a second display may requestinformation associated with the user's management.

FIGS. 6A and 6B show interfaces for presenting a simple value story.FIG. 6A shows a GUI for an interactive presentation application thatincludes various, simplified data entry fields and sliders for a user tomanipulate. After a user submits information via the sliders/entryfields, the system generates a dashboard for conveying values. Thesystem may implement a process analogous to the process described withrespect to FIG. 3 to present data, receive user input, and identifyvalue associated with an integrated data management and protectionsystem. FIG. 6B shows a dashboard for portraying value associated withan integrated data management and protection system based on data inputvia the GUI of FIG. 6A. In this example, a bar chart shows the greatreduction in certain data storage categories by adopting the integrateddata storage system over that of a standard system without any datareduction (e.g. large reduction in tape storage and cloud copies). Avalue story can be used by a person to identify value for a user earlyon in a sales cycle, before the person has learned details about auser's data management and protection needs.

FIG. 7 shows an illustrative graphical user interface or display showinga value story for conveying value of a user implementing a datamanagement and protection system such as for cloud management. Overall,the system can generate a specific value comparison, including cost. Ofcourse, many other displays are possible for other aspects of datastorage and management, and described herein.

As discussed throughout, the system 200 identifies value with respect toat least three value categories, where these categories aremultifaceted. First, simplification and efficiency include reductionsin: administrative overhead; infrastructure cost and complexity; plannedfull-time employee hires; and total storage footprint. An integratedsystem, e.g. reduces weekly administrative hours across multiplecategories, improves backup and offsite copy time, reduces the need tohire additional full-time employees, and reduces total terabytes backedup, carried over network, and stored on secondary tiers. Combined, thesebenefits reduce complexity in the data storage environment and improveefficiencies.

Second, risk reduction includes: operational improvements; reductions inapplication recovery time; and reductions in subjective measure ofexposure to compliance failures, litigation issues or data loss. Anintegrated system, e.g. increases backup reliability, reduces averageapplication recovery point objectives, and delivers significantreductions in application and database recovery time. Additional factorssuch as reduced complexity in the IT environment and improved dataaccess also contribute to risk reduction. Combined, these benefitssignificantly improve data protection and recovery operations and reduceorganizational exposure to downtime as well as revenue and data loss.

Third, unlocking data value includes: reductions in object recoverytime, indexing and housing of all managed data, storing data in singlevirtual repository, access for IT and end-users to the data, and makingIT more strategic to the business. The integrated system, e.g. reducesfile recovery time, reduces message recovery time, provides faster timeto value over previous systems, reduces litigation discovery costs, anddrives employee productivity gains. These benefits can combine to makean integrated data management system more strategically important to anorganization relative to competitive data management systems. Thebenefit of the present system is that it calculates, organizes, andsummarizes these potential benefits in a unique and compelling way forany user contemplating the purchase of an integrated data managementsystem.

The DIRE Index score, noted above, may include five elements orcategories of risk: 1. Downtime, 2. IT Complexity, 3. Data ProtectionEfficiency, 4. Recovery Efficiency, and 5. Operational Exposure, whichmay be defined as follows:

Downtime: average number of hours of unplanned downtime that impact anorganization annually;

IT Complexity: number of hardware, software, snapshot, replication andscripting vendors and/or solutions the information management systemmust support;

Protection Efficiency: reliability and efficiency of an organization'sdata protection operations;

Recovery Efficiency: speed, efficiency, reliability and scope of anorganization's recovery capabilities; and

Operational Exposure: amount of protection, encryption and reportingcoverage an organization can provide across its data; how exposed theorganization is to compliance failures, legal issues and data loss; alsoincluded in this category is an organization's “subjective level ofrisk”—while not weighted highly algorithmically, it is important toconsider each organization's subjective understanding of its dataexposure when generating a comprehensive Index score.

IT Complexity category, in smaller environments, can be measured by anumber of disk arrays, software products, and specific scripts within acurrent or proposed/competitive environment. The present system cancompare this to an anticipated number of arrays, software solutions andscripts that would be required in the integrated system. In largerenvironments, multi-petabyte environments, for example, IT Complexitycan be measured in the aggregate—the number of hardware and softwarevendors (as opposed to arrays), or the number of application or databaseenvironments (vs. individual databases) that require scripting support.In either case, the risk principle remains the same: the greater thecomplexity, the greater the risk. Complexity makes it more difficult tobring multiple systems back online after an outage; more time consumingto perform recovery; and more difficult to protect and secure anenvironment tied together with multiple scripts.

Advantageously, the integrated information management system describedin detail above often eliminates multiple, sometimes dozens of softwaresolutions and hardware silos by virtualizing storage for backup,archive, snapshot, compliance and discovery data under a single index. Asingle index in the integrated system makes it easier to restoremultiple systems after an outage; significantly reduces recovery time;makes it easier to secure and environment; eliminate scripts; andsimplifies IT operations across the board. Simplifying IT environmentsand reducing IT complexity reduces risk. The system therefore weights ITComplexity highly in the Index score.

The Index score represents relative risk for any IT environment. Asnoted herein, the Index score is based on an accumulated score ofindividual metrics, where each metric is a measurable attribute of theinstallation's environment that represents an element of risk to thedata such as the amount of time it takes to perform a backup or thenumber of recovery points per day.

Examples of alternative or additional user interfaces are shown withrespect to FIGS. 8A through 9E. FIG. 8A and Be sure comparison betweenan existing or “point product” and an integrated system (“Commvault”),with respect to virtualization. FIGS. 8A through 8E show similar userinterfaces, but for loaded recovery costs, recovery capabilities andlegal discovery savings as calculated and displayed by the presentsystem.

FIG. 9A shows a user interface that conveys to a user five elements usedby the present system to compute the DIRE Index score. FIGS. 9B and 9Cshow user interfaces that let a user to input data into the system, asdescribed above. FIGS. 9D and 9E show sample output provided by thepresent system to show a computed Index score for a user's currentsystem versus an integrated system, together with corresponding dataused to generate the score.

Note, the system may employ two types of data input to the system forgenerating the Index score and other values. The first type of data isdata previously gathered via survey related to performance of existinginformation management systems, which may be statistically validated,e.g. by third party consultant. This data is then used as empiricallyderived data for input to the elements or categories of risk notedabove. This prior user data provides baseline values for different areasof impact and different metrics of value, providing a crediblefoundation when presenting value calculations back to users. The secondtype of data is data supplied by the current user of the system usingthe user interfaces discussed above. Users can change these valuesfreely, but the prior user data provides the credible baseline—empiricaldata to provide more accurate, automatic data calculations

In other words, there is a distinction between data supplied by the userof the various Value Tools (the second type of data), and data builtinto the Value Tools based on previous surveys and prior usage (thefirst type of data). For example, FIGS. 8D, 9C and 9E all incorporatebaseline Recovery Time Reductions that may be obtained from surveys orfrom other empirically derived ways. The data from our user surveys isincorporated into the calculations noted above, so that the system canprovide default values for, e.g., average Recovery Time Reductions asreported by prior users. The user of the Value Calculator can adjust thedifferent factors/categories—but often the baseline data is supplied bythe earlier user survey data.

Terminology

Conditional language, such as, among others, “can,” “could,” “might,” or“may,” unless specifically stated otherwise, or otherwise understoodwithin the context as used, is generally intended to convey that certainembodiments include, while other embodiments do not include, certainfeatures, elements and/or steps. Thus, such conditional language is notgenerally intended to imply that features, elements and/or steps are inany way required for one or more embodiments or that one or moreembodiments necessarily include logic for deciding, with or without userinput or prompting, whether these features, elements and/or steps areincluded or are to be performed in any particular embodiment.

Unless the context clearly requires otherwise, throughout thedescription and the claims, the words “comprise,” “comprising,” and thelike are to be construed in an inclusive sense, as opposed to anexclusive or exhaustive sense; that is to say, in the sense of“including, but not limited to.” As used herein, the terms “connected,”“coupled,” or any variant thereof means any connection or coupling,either direct or indirect, between two or more elements; the coupling orconnection between the elements can be physical, logical, or acombination thereof. Additionally, the words “herein,” “above,” “below,”and words of similar import, when used in this application, refer tothis application as a whole and not to any particular portions of thisapplication. Where the context permits, words in the above DetailedDescription using the singular or plural number may also include theplural or singular number respectively. The word “or” in reference to alist of two or more items, covers all of the following interpretationsof the word: any one of the items in the list, all of the items in thelist, and any combination of the items in the list. Likewise the term“and/or” in reference to a list of two or more items, covers all of thefollowing interpretations of the word: any one of the items in the list,all of the items in the list, and any combination of the items in thelist.

Depending on the embodiment, certain operations, acts, events, orfunctions of any of the algorithms described herein can be performed ina different sequence, can be added, merged, or left out altogether(e.g., not all are necessary for the practice of the algorithms).Moreover, in certain embodiments, operations, acts, functions, or eventscan be performed concurrently, e.g., through multi-threaded processing,interrupt processing, or multiple processors or processor cores or onother parallel architectures, rather than sequentially.

Systems and modules described herein may comprise software, firmware,hardware, or any combination(s) of software, firmware, or hardwaresuitable for the purposes described herein. Software and other modulesmay reside and execute on servers, workstations, personal computers,computerized tablets, PDAs, and other computing devices suitable for thepurposes described herein. Software and other modules may be accessiblevia local memory, via a network, via a browser, or via other meanssuitable for the purposes described herein. Data structures describedherein may comprise computer files, variables, programming arrays,programming structures, or any electronic information storage schemes ormethods, or any combinations thereof, suitable for the purposesdescribed herein. User interface elements described herein may compriseelements from graphical user interfaces, interactive voice response,command line interfaces, and other suitable interfaces.

Further, the processing of the various components of the illustratedsystems can be distributed across multiple machines, networks, and othercomputing resources. In addition, two or more components of a system canbe combined into fewer components. Various components of the illustratedsystems can be implemented in one or more virtual machines, rather thanin dedicated computer hardware systems and/or computing devices.Likewise, the data repositories shown can represent physical and/orlogical data storage, including, for example, storage area networks orother distributed storage systems. Moreover, in some embodiments theconnections between the components shown represent possible paths ofdata flow, rather than actual connections between hardware. While someexamples of possible connections are shown, any of the subset of thecomponents shown can communicate with any other subset of components invarious implementations.

Embodiments are also described above with reference to flow chartillustrations and/or block diagrams of methods, apparatus (systems) andcomputer program products. Each block of the flow chart illustrationsand/or block diagrams, and combinations of blocks in the flow chartillustrations and/or block diagrams, may be implemented by computerprogram instructions. Such instructions may be provided to a processorof a general purpose computer, special purpose computer,specially-equipped computer (e.g., comprising a high-performancedatabase server, a graphics subsystem, etc.) or other programmable dataprocessing apparatus to produce a machine, such that the instructions,which execute via the processor(s) of the computer or other programmabledata processing apparatus, create means for implementing the actsspecified in the flow chart and/or block diagram block or blocks.

These computer program instructions may also be stored in anon-transitory computer-readable memory that can direct a computer orother programmable data processing apparatus to operate in a particularmanner, such that the instructions stored in the computer-readablememory produce an article of manufacture including instruction meanswhich implement the acts specified in the flow chart and/or blockdiagram block or blocks. The computer program instructions may also beloaded onto a computing device or other programmable data processingapparatus to cause a series of operations to be performed on thecomputing device or other programmable apparatus to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide steps for implementingthe acts specified in the flow chart and/or block diagram block orblocks.

Any patents and applications and other references noted above, includingany that may be listed in accompanying filing papers, are incorporatedherein by reference. Aspects of the invention can be modified, ifnecessary, to employ the systems, functions, and concepts of the variousreferences described above to provide yet further implementations of theinvention.

These and other changes can be made to the invention in light of theabove Detailed Description. While the above description describescertain examples of the invention, and describes the best modecontemplated, no matter how detailed the above appears in text, theinvention can be practiced in many ways. Details of the system may varyconsiderably in its specific implementation, while still beingencompassed by the invention disclosed herein. As noted above,particular terminology used when describing certain features or aspectsof the invention should not be taken to imply that the terminology isbeing redefined herein to be restricted to any specific characteristics,features, or aspects of the invention with which that terminology isassociated. In general, the terms used in the following claims shouldnot be construed to limit the invention to the specific examplesdisclosed in the specification, unless the above Detailed Descriptionsection explicitly defines such terms. Accordingly, the actual scope ofthe invention encompasses not only the disclosed examples, but also allequivalent ways of practicing or implementing the invention under theclaims.

To reduce the number of claims, certain aspects of the invention arepresented below in certain claim forms, but the applicant contemplatesthe various aspects of the invention in any number of claim forms. Forexample, while only one aspect of the invention is recited as ameans-plus-function claim under 35 U.S.C sec. 112(f) (AIA), otheraspects may likewise be embodied as a means-plus-function claim, or inother forms, such as being embodied in a computer-readable medium. Anyclaims intended to be treated under 35 U.S.C. § 112(f) will begin withthe words “means for”, but use of the term “for” in any other context isnot intended to invoke treatment under 35 U.S.C. § 112(f). Accordingly,the applicant reserves the right to pursue additional claims afterfiling this application, in either this application or in a continuingapplication.

1-17. (canceled)
 18. A computer-implementable method of providing dataassociated with implementing an integrated data management andprotection system, the method comprising: maintaining value functionsfor quantifying value associated with implementing an integrated datamanagement and protection system; receiving user input regarding valueassociated with implementing the integrated data management andprotection system, wherein the value associated with implementing theintegrated data management and protection system relates to at least twoof cost reduction, risks, and obtaining value from data; providing aninterface to display a request for a user to submit, via the interface,information associated with data management and protection, wherein theinterface includes data entry fields for receiving informationassociated with data management and protection, and wherein theinformation associated with data management and protection includesinformation related to at least three of complexity of an existing datamanagement and protection system, data protection reliability, datarecovery time, and operational oversight for the existing datamanagement and protection system; receiving user-submitted informationvia the data entry fields of the interface; identifying value functionsfor quantifying value associated with implementing the integrated datamanagement and protection system; applying the value functions to thereceived information, wherein the value functions result in value datafor the integrated data management and protection system when applied tothe received user-submitted information, and wherein the applyingincludes generating a single, combined index score that aggregates thevalue data obtained by applying the value functions to theuser-submitted information; and, generating a value dashboard thatdisplays the value data for the integrated data management andprotection system, wherein the value data is indicative of valueassociated with implementing the integrated data management andprotection system versus use of the existing data management andprotection system.
 19. The method of claim 18, further comprising:identifying alternative value functions for quantifying value associatedwith implementing an alternative data management and protection system;and applying the identified alternative value functions to the receiveduser-submitted information, wherein the identified alternative valuefunctions result in alternative value data for the alternative datamanagement and protection system when applied to the receiveduser-submitted information, and wherein the value dashboard displays thealternative value data relative to the value data indicative of valueassociated with implementing the integrated data management andprotection system.
 20. The method of claim 18, wherein generating avalue dashboard that displays the value data includes displaying thevalue data with reference to three categories of value: simplification,risk reduction, and data value, and wherein the dashboard includes thecombined index score.
 21. The method of claim 18, wherein the integrateddata management and protection system performs at least the followingfunctions: archiving, backup, snapshot management, reporting, securedata access, eDiscovery and data analytics.
 22. The method of claim 18,wherein the value dashboard displays information describing a valuestory of an integrated data management and protection system.
 23. Themethod of claim 18, further comprising weighting at least some of thereceived user-submitted information, and wherein the applying includesgenerating a single, combined index score that aggregates the value dataobtained by applying the value functions to the weighted, user-submittedinformation.
 24. The method of claim 18, wherein a value function of thevalue functions applied to the received information is associated withrisk reduction, and wherein the value function results in a single scoreindicating relative risk associated with the integrated data managementand protection system.
 25. At least one non-transitory computer-readablemedium, carrying instructions, which when executed by at least one dataprocessor, performs operations associated with data management systems,the operations comprising: maintaining value functions for quantifyingvalue associated with implementing an integrated data management system;generating an interface to display a request for information associatedwith an existing data management system, wherein the interface includesdata entry locations for receiving information associated with theexisting data management system, and wherein the information associatedwith the existing data management system includes information related toat least three of complexity of the existing data management system,data protection reliability, data recovery time, and operationaloversight for the existing data management system; applying weightsand/or value functions to information submitted via the data entrylocations of the interface; wherein the value functions calculate valuesrelated to performance of the existing data management system based onthe received information, and calculate values related to performance ofthe integrated data management system based on the received information,wherein the values related to performance of the existing datamanagement system relate to at least two of: cost reduction, risks, andobtaining value from data, and wherein applying value functions includesgenerating an index score that represents an aggregation of thecalculated values related to the existing data management system basedon the received information; and, generating a dashboard that displaysthe calculated values related to performance of the integrated datamanagement system and the existing data management system, wherein thecalculated values include a comparison between performance of theintegrated data management and the existing data management system, andwherein the dashboard is configured to display the index score, arelative risk associated with the index score, or both the index scoreand the relative risk associated with the index score.
 26. Thecomputer-readable medium of claim 25, further comprising: identifyingalternative value functions for quantifying value associated with theuser implementing an alternative data management system; and applyingthe identified alternative value functions to the received information,wherein the alternative value functions result in alternative value datafor the alternative data management system when applied to the receivedinformation, and wherein the value dashboard displays the alternativevalue data relative to the value data indicative of value associatedwith implementing the integrated data management system.
 27. Thecomputer-readable medium of claim 25, wherein generating a valuedashboard that displays the value data includes displaying the valuedata with reference to three categories of value: simplification, riskreduction, and data value.
 28. The computer-readable medium of claim 25,wherein the integrated data management system performs at least thefollowing functions: archiving, backup, snapshot management, reporting,secure data access, eDiscovery and data analytics.
 29. Thecomputer-readable medium of claim 25, wherein the value dashboarddisplays data describing a value story of the integrated data managementsystem.
 30. The computer-readable medium of claim 25, wherein a valuefunction of the value functions applied to the received information isassociated with risk reduction, and wherein the value function resultsin a single score indicating relative risk associated with theintegrated data management system.
 31. A system that performs operationsrelated to implementing an integrated data management system, the systemcomprising: at least one data processor; and at least one non-transitorymemory, coupled to the at least one data processor and storinginstructions, which when executed by the at least one data processor,perform a method comprising causing an interface to generated thatprovides a request for information associated with data management,wherein the interface includes data entry prompts for receiving, from auser, information associated with data management, and wherein theinformation associated with data management includes information relatedto at least three of complexity of an existing data management system,data protection reliability, data recovery time, and operationaloversight for the existing data management system; receiving informationsubmitted by the user via the data entry prompts of the interface;quantifying value associated with an integrated data management systembased at least in part on the received information, wherein the value isquantified in relation to at least two value categories, and wherein thevalue categories include simplification, risk reduction, and data value;and generating a value dashboard that displays the quantified valueassociated with the integrated data management system, wherein thedashboard provides a single index score that represents an aggregationof calculated values related to the received information associated withthe data management for the user.
 32. The system of claim 31, furthercomprising: quantifying value associated with an alternative datamanagement system based at least in part on the received information;and wherein the value dashboard displays the alternative value datarelative to the value data indicative of value associated with the userimplementing the integrated data management system.
 33. The system ofclaim 31, wherein the integrated data management system performs atleast the following functions: archiving, backup, snapshot management,reporting, secure data access, eDiscovery and data analytics.
 34. Thesystem of claim 31, wherein the value dashboard displays vignettesdescribing a value story of an integrated data management system.